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(54) COPYRIGHT PROTECTIVE SYSTEM, TRANSMITTER, RECEIVER, BRIDGE DEVICE, 
COPYRIGHT PROTECTIVE METHOD, MEDIUM, AND PROGRAM 



(57) In the case that a bridge unit is connected to a 
network such as an IEEE 1394 bus, the desire of copy- 
right holders for limitation on the number of apparatuses 
that can receive a signal cannot be met. 

The invention is characterized by providing at least 
one reception unit, or more, that receives and utilizes 
data requiring copyright protection, connected to a net- 
work and by providing a transmission unit 20 for trans- 
mitting data requiring copyright protection to a reception 
unit by utilizing a network, wherein the transmission unit 
20 has an authentication means 23 on the transmission 
side for carrying out authentication for a reception unit 
and an authentication number counting means 24 for 
counting the authentication number that is the number 
of the authentications carried out by the authentication 
means 23 on the transmission side while the reception 
unit has an authentication means on the reception side 
for carrying out authentication for the authentication 
means on the transmission side and wherein the above 
authentication number is limited. 
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Description 



Technical Field 

A 

[0001] The present invention relates to a copyright 
protection system, a transmission unit, a reception unit, 
a bridge unit, a copyright protection method, a medium 
and a program wherein data requiring copyright protec- 
tion is transmitted or received while the copyright of the 
data is protected. 

Background Technology 

[0002] In recent years network technology for making 
connections between audio visual systems has come 
into common use. As one of such networks, a serial bus 
(hereinafter referred to as IEEE 1394 bus) of the IEEE 
1394-1995 standard (hereinafter referred to as IEEE 
1394) exists. IEEE 1394 is a standard of high speed bus 
system for carrying out a serial transmission, wherein 
data can be synchronously transmitted so that a real 
time transmission of audio visual data, or the like, is pos- 
sible. This IEEE 1394 has begun to be installed in a va- 
riety of digital video and sound apparatuses, such as 
digital audio visual apparatuses for home use, as an ex- 
ternal interface. 

[0003] On the other hand, in the case that data requir- 
ing copyright protection such as newly released movies 
or TV programs, music of paid broadcasts is handled, it 
is necessary to protect the copyright. As an effective 
method for protecting copyright, there is a method of the 
encrypting of data requiring copyright protection so as 
to limit the utilization of the data. 
[0004] For example, when video and sound data 
(hereinafter referred to as AV data) is transmitted utiliz- 
ing an IEEE 1394 bus, such AV data is encrypted at the 
time of transmission in the case that copyright protection 
of the AV data is required. As an example of this, the 
DTCP (digital transmission content protection) system 
has become a standard. 

[0005] The DTCP system is provided with an authen- 
tication function and a key nullification function so that 
copyright protection is implemented by encrypting and 
transmitting data requiring copyright protection, such as 
AV data, while excluding unauthorized apparatuses at 
the time of data transmission over an IEEE 1394. 
[0006] A transmitter for transmitting content data en- 
crypts content data with a content key. This content key 
is periodically updated by the transmitter. The transmit- 
ter encrypts the content key with a key called an ex- 
change key and transmits the content key to a receiver 
in order to safely pass the updated content key to the 
receiver 

[0007] The authentication function is required for 
passing the key for decrypting the encrypted data to only 
the receiver that has received a DTCP license and a full 
authentication utilizing public key encryption technology 
and a limited authentication utilizing common key en- 



cryption are used in accordance with copy limitation in- 
formation (such as "copy once" or "copy never") added 
to the data and in accordance with the characteristics of 
the apparatuses (such as inclusion of a recording funo 
5 tion, inclusion of a display function only, whether or not 
format analysis and decoding are possible within data). 
An apparatus compatible with the full authentication 
system has certificate data including a signature added 
by a licensing organization. Atthetime of authentication, 
10 the certificate data is transmitted and received so that 
the signature is determined to be correct by utilizing an 
algorithm of an electronic signature using public key en- 
cryption technology. Random numbers are transmitted 
to each other together with the certificate data and, 
is thereby, an authentication key that is effective only be- 
tween the two apparatuses wherein authentication is 
carried out can be produced within the respective appa- 
ratuses by using the random numbers from both sides. 
[0008] An apparatus compatible with the limited au- 
20 thentication system has common secret information and 
a processing function. At the time of authentication, 
challenging random numbers are transmitted. The ap- 
paratus that has received the random numbers carries 
out processing according to a predetermined function 
25 and sends back the result. The apparatus, which has 
transmitted the challenging random numbers, com- 
pares the response and the value that is processed with- 
in the apparatus and, thereby, confirms that the other 
apparatus is the authorized apparatus. An authentica- 
te tion key that is effective only between the two appara- 
tuses that carry out the authentication can be produced 
within the respective apparatuses by using random 
numbers from both sides. 

[0009] When the authorized apparatus can be con- 
35 firmed through the above described authentication proc- 
ess, the transmitter encrypts the exchange key with the 
authentication key and transmits the exchange key to 
the receiver. Thereby, a content key can be gained at 
the receiver side so that the received encrypted con- 
40 tents can be decrypted and utilized. 

[0010] In the following, the IEEE 1394 bus system is 
described in reference to Fig 12. 
[0011] In Fig 12, IEEE 1394 bus #1 (50) and IEEE 
1394 bus #2 (51) are, respectively, different IEEE 1394 
45 buses and are connected to each other by a bridge unit 
52. 

[001 2] Devices such as device #0 (53) and device #1 

(54) are connected to IEEE 1394 bus #1 (50). 

[001 3] Devices such as device #0 (58) and device #1 

so (59) are connected to IEEE 1394 bus #2 (51). 

[0014] Device #0 (53), device #1 (54), device #0 (58), 
device #1 (59), and the like, are apparatuses for trans- 
mitting or receiving data by utilizing IEEE 1394 bus #1 
(50) or IEEE 1394 bus #2 (51) and are, for example, an 

55 STB (set top box) or a TV (television). 

[0015] In addition, bridge unit 52 is a unitthat receives 
data, which is transmitted from device #2 (55), or the 
like, connected to IEEE 1394 bus #1 (54) , and transmits 
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the data to IEEE 1394 bus #2. 
[0016] in the IEEE 1394 standard there is a limitation 
whc irein a maximum of sixty-three devices can be simul- 
taneously connected to one bus. Accordingly, a maxi- 
mum of sixty-three devices can be simultaneously con- 
nected to IEEE 1 394 bus #1 (50) and, in addition, a max- 
imum of sixty-three devices can be simultaneously con- 
nected to IEEE 1394 bus #2 (51). 
[0017] For example, in the example of Fig 12, seven 
devices, including bridge unit 52, are connected to IEEE 
1394 bus #1 (50) and, therefore, fifty-six additional de- 
vices can be connected. 

[0018] Device 53 transmits data at a transmission rate 
of 20 Mbps through a synchronous transmission called 
an isochronous transmission to channel 1 of IEEE 1 394 
bus #1 (50). Then, device #1 (54) receives the data that 
is transferred to channel 1 of IEEE 1394 bus #1 (50). 
[0019] In addition, device #4 (56) transmits data at a 
transmission rate of 40 Mbps to channel 63 of IEEE 
1 394 bus #1 (50). Then , device #5 (57) receives the data 
transmitted over channel 63. 

[0020] Device #0 (58) transmits data at a transmission 
rate, of 30 Mbps to channel 2 of IEEE 1394 bus #2 (51) 
in the same manner and device #1 (59) receives the da- 
ta transmitted to channel 2. In addition, device #3 (61) 
transmits data at 30 Mbpb to channel 1 and device #4 
(62) and device #5 (63) simultaneously receive data 
transmitted to channel 1 . 

[0021 ] On the other hand, device #2 (55) transmits da- 
ta at a transmission rate of 20 Mbps to channel 0 of IEEE 
1394 bus #1 (50). Bridge 52 receives data transmitted 
to channel 0 of IEEE 1394 bus #1(50), which is trans- 
mitted to channel 0 of IEEE 1394 bus #2 Then, device 
#2 (60) receives data that is transmitted to channel 0 of 
IEEE 1394 bus #2 (51). 

[0022] Thus, it is possible to transmit data in real time 
by utilizing an isochronous transmission and the data 
transmitted by a device can be received in real time by 
a device connected to a different bus through a bridge 
unit when the two different IEEE 1394 buses are con- 
nected via bridge unit 52. 

[0023] Furthermore, copyright holders have a desire 
for the number of reception apparatuses that can re- 
ceive a signal from the apparatus that becomes a signal 
source to be limited at the time when video and sound 
data (AV data) requiring copyright protection, or the like, 
is transmitted. 

[0024] As described above, there is a limitation 
wherein a maximum of only sixty-three apparatuses can 
be simultaneously connected to one IEEE 1 394 bus. Ac- 
cordingly, the number of reception units that can simul- 
taneously receive data transmitted from the apparatus 
that becomes a signal source is sixty-two at the maxi- 
mum. 

[0025] When different IEEE 1 394 buses are connect- 
ed via a bridge unit as described above, however, it be- 
comes impossible to grasp how many reception appa- 
ratuses receive the signal, from the apparatus that be- 
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comes a signal source, through the other bus connected 
to the apparatus that becomes a signal source via bridge 
unit 52. For example, a case can occur wherein an ad- 
ditional bridge unit is connected to the other bus con- 
nected to the apparatus that becomes a signal source 
via bridge unit 52. When bridge unit 52 is connected to 
an IEEE 1394 bus in such a manner, there is a risk that 
a very large number of reception apparatuses may re- 
ceive the signal transmitted from the apparatus that be- 
comes a signal source. In addition, the same may be 
said concerning the case of a network, such as USB, in 
addition to the IEEE 1394 bus. 
[0026] That is to say, in the case that a bridge unit is 
connected to a network, such as the IEEE 1394 bus, 
there is a risk that a very large number of reception ap- 
paratuses may receive a signal requiring copyright pro- 
tection sent from the apparatus that becomes a signal 
source so that there is a problem (first problem) wherein 
the desire of copyright holders to limit the number of ap- 
paratuses that can receive the signal cannot be met. 
[0027] In addition, in the case that a bridge unit is not 
connected to an IEEE 1 394 bus, the desire of copyright 
holders cannot be met when six, or more, reception ap- 
paratuses are simultaneously connected to the IEEE 
1 394 bus even in the case wherein the copyright holders 
desire that only up to five reception apparatuses be able 
to receive the signal. In addition, this is not limited to the 
IEEE 1394 bus but, rather, the same can be said con- 
cerning a network such as USB. 
[0028] That is to say, even in the case that copyright 
holders desire to designate and limit the number of re- 
ception apparatuses that can receive the signal, there 
is a problem (second problem) wherein the desire can- 
not be met. 

Disclosure of the Invention 

[0029] The present invention is provided by taking the 
above described first problem into consideration and a 
purpose thereof is to provide a copyright protection sys- 
tem, a transmission unit, a reception unit, a bridge unit, 
a copyright protection method, a medium and a program 
wherein the desire of copyright holders to limit the 
number of reception apparatuses that can receive the 
signal requiring copyright protection can be met even in 
the case that a bridge unit is connected to the network. 
[0030] In addition, the present invention is provided 
taking the above described second problem into consid- 
eration and a purpose thereof is to provide a copyright 
protection system, a transmission unit, a reception unit, 
a bridge unit, a copyright protection method, a medium 
and a program wherein the desire of copyright holders 
to limit the number of reception apparatuses that can 
receive the signal requiring copyright protection by des- 
ignating the number of reception apparatuses can be 
met. 

[0031] To solve the above problems, the 1 st invention 
of the present invention (corresponding to claim 1) is a 
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cop /right protection system, comprising: 



■at least one, or more, reception unit that is connect- 
ed to a network and that receives and utilizes data 
requiring copyright protection; and 5 
a transmission unit of transmitting said data requir- 
ing copyright protection to said reception unit by uti- 
lizing said network, wherein 

said transmission unit has: an authentication 10 
means on the transmission side, of carrying out authen- 
tication for said reception unit; and an authentication 
number counting means of counting the authentication 
number, that is the number authenticated by said au- 
thentication means on the transmission side, and is 

said reception unit has an authentication means 
on the reception side, of carrying out authentication for 
said authentication means on the transmission side, and 
wherein 

said authentication number is limited. 20 
[0032] The 2nd invention of the present invention 
(corresponding to claim 2) is the copyright protection 
system according to the 1st invention, wherein said au- 
thentication number counting means adds said authen- 
tication number in the case that said authentication 25 
means on the transmission side successfully carries out 
authentication. 

[0033] The 3rd invention of the present invention (cor- 
responding to claim 3) is the copyright protection system 
according to the 2nd invention, wherein in the case that 30 
authentication is successfully carried out for said trans- 
mission unit, said reception unit does not, again, carry 
out an authentication request as long as said successful 
authentication is not reset due to a predetermined 
cause. 35 
[0034] The 4th invention of the present invention (cor- 
responding to claim 4) is the copyright protection system 
according to the 3rd invention, further comprising a 
bridge unit of connecting said network to another net- 
work, to 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to which 
said transmission unit is connected, and 

wherein said bridge unit can, again, carry out an 
authentication request. 45 
[0035] The 5th invention of the present invention (cor- 
responding to claim 5) is the copyright protection system 
according to the 2nd invention, wherein in the case that 
authentication is successfully carried out for said recep- 
tion unit, said transmission unit does not accept an au- 50 
thentication request even if the authentication request 
is carried out, again, by said reception unit as long as 
said successful authentication is not reset due to a pre- 
determined cause. 

[0036] The 6th invention of the present invention (cor- ss 
responding to claim 6) is the copyright protection system 
according to the 5th invention, further comprising a 
bridge unit of connecting said network to another net- 



work, 

wherein the bridge unit is handled in the same 
manner as said reception unit In said network to which 
said transmission unit is connected, and 

wherein in the case that an authentication request 
is carried out by said bridge unit said transmission unit 
accepts the authentication request. 
[0037] The 7th invention of the present invention (cor- 
responding to claim 7) is the copyright protection system 
according to the 2nd invention, wherein in the case that 
authentication is successfully carried out on said recep- 
tion unit, said transmission unit carries out authentica- 
tion, again, for said reception unit and said authentica- 
tion number counting means does not add said authen- 
tication number even if the authentication is successful, 
as long as said authentication is not reset due to a pre- 
determined cause. 

[0038] The 8th invention of the present invention (cor- 
responding to claim 8) is the copyright protection system 
according to the 7th invention, further comprising a 
bridge unit of connecting said network to another net- 
work, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to which 
said transmission unit is connected, and 

wherein in the case that authentication is success- 
fully carried out again for said bridge unit said authenti- 
cation number counting means adds said authentication 
number. 

[0039] The 9th invention of the present invention (cor- 
responding to claim 9) is the copyright protection system 
according to any of the 3rd to 8th inventions, wherein 
said authentication means on the transmission side has: 

a registration means of registering information that 
specifies said reception unit for which authentica- 
tion is successfully carried out; and 
a redundancy determination means of determining 
whether or not an authentication request is the au- 
thentication request from said reception unit that 
has already successfully carried out authentication, 
when the authentication request is carried out by 
said reception unit, by utilizing the registered infor- 
mation that specifies said reception unit. 

[0040] The 10th invention of the present invention 
(corresponding to claim 10) is the copyright protection 
system according to any of the 3rd to 8th inventions , 
wherein the reset of said authentication occurs at the 
time when an update of a key is carried out. 
[0041] The 11th invention of the present invention 
(corresponding to claim 11) is the copyright protection 
system according to any of the 3rd to 8th inventions, 
wherein the reset of said authentication occurs at the 
time when an update of an exchange key is carried out. 
[0042] The 12th invention of the present invention 
(corresponding to claim 12) is the copyright protection 
system according to the 10th invention, comprising a 
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■ bridge unit for connecting said network to another net- 
work, 

^wherein the bridge unit is handled in the same 
manner as said reception unit in said network to which 
said transmission unit is connected, and 

wherein in the case that said transmission unit car- 
ries out said update of a key the reset of said authenti- 
cation is carried out also in said other network. 
[0043] The 13th invention of the present invention 
(corresponding to claim 13) is the copyright protection 
system according to any of the 3rd to 8th inventions, 
wherein the reset of said authentication occurs at the 
time when a bus reset is carried out. 
[0044] The 14th invention of the present invention 
(corresponding to claim 14) is the copyright protection 
system according to the 13th invention, comprising a 
bridge unit of connecting said network to another net- 
work, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to which 
said transmission unit is connected, and 

wherein in the case that said bus reset is carried 
out in said network to which said transmission unit is 
connected, the reset of said authentication is carried out 
also in said other network. 

[0045] The 1 5th invention of the resent invention (cor- 
responding to claim 15) is the copyright protection sys- 
tem according to the 1 st invention, wherein the limitation 
in said authentication number indicates that said au- 
thentication means on the transmission side does not 
accept an authentication request from said reception 
unit in the case that said authentication number be- 
comes a predetermined value, or greater. 
[0046] The 16th invention of the present invention 
(corresponding to claim 16) is the copyright protection 
system according to the 1st invention, wherein said au- 
thentication number counting means subtracts said au- 
thentication number in the case that said reception unit 
that has successfully carried out authentication for said 
authentication means on the transmission side stops the 
utilization of said data requiring copyright protection that 
is sent from said transmission unit. 
[0047] The 17th invention of the present invention 
(corresponding to claim 1 7) is the copyright protection 
system according to the 16th invention, comprising a 
bridge unit of connecting said network to another net- 
work, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to which 
said transmission unit is connected, and 

wherein "said bridge unit stops the utilization of 
said data requiring copyright protection that Is sent from 
said transmission unit" indicates that all of said recep- 
tion units connected to said other network stop the uti- 
lization of said data requiring copyright protection that 
is sent from said transmission unit. 
[0048] The 18th invention of the present invention 
(corresponding to claim 18) is the copyright protection 
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system according to the 16th invention, wherein said 
transmission unit has a registration means of registering 
information that specifies said reception unit that has 
successfully carried out authentication for said authen- 
tication means on the transmission side, and 

said registration means cancels the registration of 
the information that specifies the reception unit that has 
successfully carried out authentication for said authen- 
tication means on the transmission side, in the case that 
said authentication number counting means subtracts 
said authentication number. 

[0049] The 19th invention of the present invention 
(corresponding to claim 19) is the copyright protection 
system according to the 16th inveniton, wherein said 
transmission unit has an examination means of exam- 
ining whether or not said reception unit has stopped the 
utilization of said data requiring copyright protection. 
[0050] The 20th invention of the present invention 
(corresponding to claim 20) is the copyright protection 
system according to the 19th invention, wherein the 
stoppage of the utilization of said data requiring copy- 
right protection indicates that said reception unit is de- 
tached from said network, and 

said examination means periodically examines 
whether or not said reception unit is detached from said 
network. 

[0051] The 21st invention of the present invention 
(corresponding to claim 21) is the copyright protection 
system according to the 20th invention, wherein said ex- 
amination indicates the periodically examining of the 
connection number that is the number of said reception 
units connected to said network and the checking of 
which of said reception units is detached from said net- 
work in the case that said connection number is re- 
duced. 

[0052] The 22nd invention of the present invention 
(corresponding to claim 22) is the copyright protection 
system according to the 19th invention, wherein said ex- 
amination means checks if said reception unit has 
stopped the utilization of said data requiring copyright 
protection by examining an operational condition of said 
reception unit and/or an active condition of the connec- 
tion plugs, and 

said authentication number counting means sub- 
tracts said authentication number in the case that, as a 
result of the examination by said examination means, 
said reception unit is determined not to utilize said data 
requiring copyright protection. 
[0053] The 23rd invention of the present invention 
(corresponding to claim 23) is the copyright protection 
system according to the 20th or 21 st invention, wherein 
said examination means has a correspondence table of 
allowing information that specifies said reception unit to 
correspond to the signature of that reception unit 

said examination means determines whether or 
not authentication has been carried out on said recep- 
tion unit that is detached from said network by utilizing 
said correspondence table, and 
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said authentication number counting means sub- 
tracts said authentication number in the case that said 
determination result shows that authentication has been 
carried out for said reception unit that is detached from 
said network. 

[0054] The 24th invention of the present invention 
(corresponding to claim 24) is the copyright protection 
system according to the 1 6th invention, wherein said au- 
thentication means on the reception side carries out a 
decrement authentication request of subtracting said 
authentication number for said transmission unit in the 
case that said reception unit stops the utilization of said 
data requiring copyright protection that is sent from said 
transmission unit, 

said authentication means on the transmission 
side carries out said decrement authentication for said 
authentication means on the reception side, and 

said authentication number counting means sub- 
tracts said authentication number when said decrement 
authentication is successful. 

[0055] The 25th invention of the present invention 
(corresponding to claim 25) is the copyright protection 
system according to the 24th invention, wherein a com- 
mand for decrement authentication, that is a command 
for carrying out said decrement authentication, is pre- 
pared separately from the authentication command that 
is the command for carrying out authentication at the 
time when said data requiring copyright protection is uti- 
lized. 

[0056] The 26th invention of the present invention 
(corresponding to claim 26) is the copyright protection 
system according to the 24th or 25th invention, wherein 
said data requiring copyright protection is encrypted and 
said reception unit abandons the key for decoding 
said data requiring copyright protection when said dec- 
rement authentication is successful. 
[0057] The 27th invention of the present invention 
(corresponding to claim 27 ) is the copyright protection 
system according to the 24th or 25th invention, wherein 
said decrement authentication differs from the authen- 
tication for utilizing said data requiring copyright protec- 
tion in at least one, or more, of a signature, an authen- 
tication method and an operational equation. 
[0058] The 28th invention of the present invention 
(corresponding to claim 28 is the copyright protection 
system according to the 18th invention, wherein when 
the authentication is reset due to the predetermined 
cause, said authentication number counting means ini- 
tializes said authentication number while saidregistra- 
tion means cancels all the registrations of information 
that specifies the reception unit which has successfully 
carried out authentication for said authentication means 
on the transmission side. 

[0059] The 29th invention of the present invention 
(corresponding to claim 29) is the copyright protection 
system according to the 2nd invention, further compris- 
ing a bridge unit of connecting said network to another 
network. 



[0060] The 30th invention of the present invention 
(corresponding to claim 30) is the copyright protection 
system according to the 29th invention, wherein said 
bridge unit is handled in the same manner as said trans- 
5 mission unit in said other network, and 

in the case that an authentication request is car- 
ried out by said reception unit connected to said other 
network, 

authentication is carried out for said transmission 

10 unit connected to said network before authentication is 
carried out for the reception unit and in the case that the 
authentication for the transmission unit is successful au- 
thentication is carried out for said reception unit. 
[0061] The 31st invention of the present invention 

'5 (corresponding to claim 31) is the copyright protection 
system according to the 29th invention, wherein, in the 
case that said authentication number counting means 
of said bridge unit is subtracted, said bridge unit carries 
out decrement authentication for said transmission unit 

20 connected to said network, in order to subtract said au- 
thentication number counted by said authentication 
number counting means of said transmission unit that 
is connected to said network. 
[0062] The 32nd invention of the present invention 

25 (corresponding to claim 32) is the copyright protection 
system according to the 29th invention, wherein said au- 
thentication number counting means of said bridge unit 
counts the authentication number that is the number of 
the successful authentications carried out for said re- 

30 ception unit, which is connected to said other network, 
by said authentication means on the transmission side 
of said bridge unit. 

[0063] The 33rd invention of the present invention 
(corresponding to claim 33) is the copyright protection 

35 system according to the 32nd invention, wherein, in the 
case that said transmission unit is newly connected to 
said network, said bridge unit carries out authentication 
for said newly connected transmission unit in accord- 
ance with said authentication number that is counted by 

40 said authentication number counting means of said 
bridge unit. 

[0064] The 34th invention of the present invention 
(corresponding to claim 34) is the copyright protection 
system according to the 30th invention, wherein said 

45 bridge unit has a key counting means of counting a lim- 
itation number of a permissions allocated by said trans- 
mission unit that is connected to said network, 

said authentication number counting means of 
said bridge unit counts said authentication number that 

50 is the number of successful authentication carried out 
for said reception unit, which is connected to said other, 
network, by said authentication means on the transmis- 
sion side of said bridge unit, 

said bridge unit sets the number of successful au- 

55 thentications carried out for said transmission unit, 
which is connected to said network, as the limitation 
number of said permissions counted by said key coun- 
ter, 
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in the case that a decrement authentication re- 
quest is carried out, in order to subtract said authenti- 
cation number counted by said authentication number 
counting means of said bridge unit, by said reception 
unit that is connected to said other network, said bridge 
unit does not carry out decrement authentication for said 
transmission unit that is connected to said network but, 
rather, carries out decrement authentication for the re- 
ception unit, 

said authentication number counting means of 
said bridge unit subtracts said authentication number 
when said decrement authentication is successful, and 

at the time when an authentication request is new- 
ly carried out by said reception unit connected to said 
other network, 

authentication is carried out for the reception unit 
in the case that the limitation number of said permis- 
sions is smaller than said authentication number that is 
counted by said authentication number counting means 
of said bridge unit while authentication is carried out for 
said transmission unit connected to said network before 
authentication is carried out for the reception unit in the 
case that the limitation number of said permissions is 
not smaller than said authentication number counted by 
said authentication number counting means of said 
bridge unit and, then, authentication is carried out for 
the reception unit in the case that the authentication for 
said transmission unit is successful. 
[0065] The 35th invention of the present invention 
(corresponding to claim 35) is the copyright protection 
system according to the 29th inveniton, wherein said 
bridge unit reencrypts data that is sent from said trans- 
mission unit connected to said network and transmits 
the data to said reception unit connected to said other 
network, 

said authentication number counting means of 
said bridge unit counts the authentication number that 
is the number of successful authentications carried out 
for said reception unit, which is connected to said other 
network, by said authentication means on the transmis- 
sion side of said bridge unit, and 

said bridge unit has a key counting means of 
counting the limitation number of permissions allocated 
by said transmission unit connected to said network. 
[0066] The 36th invention of the present invention 
(corresponding to claim 36) is the copyright protection 
system according to the 35th invention, wherein in the 
case that an authentication request is carried out by said 
reception unit that is connected to said other network, 
in the case that said authentication number counted by 
said authentication number counting means of said 
bridge unit and the limitation number of said permissions 
counted by said key counting means are greater than 
said authentication number counted by said authentica- 
tion number counting means of said bridge unit, said 
bridge unit permits the authentication request. 
[0067] The 37th invention of the present invention 
(corresponding to claim 37) is the copyright protection 



system according to the 36th invention, wherein the up- 
per limit of the limitation number of permissions counted 
by said key counting means is in advance given by said 
transmission unit that is connected to said network. 
5 [0068] The 38th invention of the present invention 
(corresponding to claim 38) is the copyright protection 
system according to the 36th invention, wherein said 
bridge unit carries out authentication for said transmis- 
sion unit, which is connected to said network and, there- 
to by, the upper limit of the limitation number of permis- 
sions counted by said key counting means is added. 
[0069] The 39th invention of the present invention 
(corresponding to claim 39) is the copyright protection 
system according to the 35th invention, wherein, in the 
15 case that an authentication request is carried out by said 
reception unit connected to said other network, in the 
case that the limitation number of said permissions 
counted by said key counting means is not greater than 
said authentication number counted by said authentica- 
te tion number counting means of said bridge unit, said 
bridge unit rejects the authentication request. 
[0070] The 40th invention of the present invention 
(corresponding to claim 40) is the copyright protection 
system according to the 35th invention, wherein, in the 
25 case that an authentication request is carried out by said 
reception unit connected to said other network, in the 
case that the limitation number of said permissions 
counted by said key counting means is not greater than 
said authentication number counted by said authentica- 
te tion number counting means of said bridge unit, said 
bridge unit calls on said transmission unit connected to 
said network to add the limitation number of said per- 
missions. 

[0071] The 41st invention of the present invention 
35 (corresponding to claim 41) is the copyright protection 
system according to the 35th invention, wherein, in the 
case that an authentication request is carried out by said 
reception unit connected to said other network, in the 
case that the limitation number of said permissions 
40 counted by said key counting means is not greater than 
said authentication number counted by said authentica- 
tion number counting means of said bridge unit, said 
bridge unit carries out an authentication request for said 
transmission unit connected to said network and said 
45 key counting means adds the limitation number of said 
permissions in the case that said authentication is suc- 
cessful. 

[0072] The 42nd invention of the present invention 
(corresponding to claim 42) is the copyright protection 

50 system according to the 29th invention, wherein said 
bridge unit makes a notification of the number of said 
reception units that is connected to said other network 
and that carries out an authentication request for said 
transmission unit connected to said network whenever 

55 an authentication request is carried out by said recep- 
tion unit connected to said other network. 
[0073] The 43rd invention of the present invention 
(corresponding to claim 43) is the copyright protection 
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system according to the 42nd invention, wherein a field 
for making a notification of said number is provided in 
an authentication command of said bridge unit to carry 
out an authentication request for said transmission unit 
that is connected to said network so that said bridge unit 
makes a notification of said number by utilizing said 
field. 

[0074] The 44th invention of the present invention 
(corresponding to claim 44) is the copyright protection 
system according to the 29th invention, wherein an au- 
thentication command of said bridge unit to carry out an 
authentication request for said transmission unit that is 
connected to said network is distinguished from an au- 
thentication command of said reception unit that does 
not have a function of said bridge unit and that is con- 
nected to said network to carry out an authentication re- 
quest for said transmission unit connected to said net- 
work. 

[0075] The 45th invention of the present invention 
(corresponding to claim 45) is the copyright protection 
system according to the 44th invention, wherein said 
distinguishment is carried out by means of the signature 
attached to said authentication command. 
[0076] The 46th invention of the present invention 
(corresponding to claim 46) is a transmission unit for 
transmitting data requiring copyright protection, by uti- 
lizing a network, to at least one, or more, reception unit 
which has an authentication means on the reception 
side for carrying out authentication for a transmission 
unit, is connected to said network and receives and uti- 
lizes said data requiring copyright protection, wherein 
the transmission unit comprises characterized in hav- 
ing: 

an authentication means on the transmission side 
for carrying out authentication for said authentica- 
tion means on the reception side; and 
an authentication number counting means of count- 
ing authentication number that is the number of au- 
thentications carried out by said authentication 
means on the transmission side, 

wherein said authentication number is limited. 
[0077] The 47th invention of the present invention 
(corresponding to claim 47) is a reception unit that is 
connected to a network and that receives and utilizes 
data requiring copyright protection, wherein the recep- 
tion unit comprises: 

an authentication means on the reception side of 
carrying out authentication for an authentication 
means on the transmission side which is provided 
in a transmission unit having said authentication 
means on the transmission side of carrying our au- 
thentication for the reception unit and an authenti- 
cation number counting means of counting authen- 
tication number that is the number of the authenti- 
cations carried out by said authentication means on 



the transmission side, 

wherein said authentication number is limited. 
[0078] The 48th invention of the present invention 
s (corresponding to claim 48) is abridge unit for transmit- 
ting data requiring copyright protection that is transmit- 
ted from a transmission unit connected to one said net- 
work to a reception unit connected to the other said net- 
work, wherein the bridge unit comprises: 

10 

an authentication means on the transmission side 
for bridge unit that carries out authentication for said 
reception unit; 

an authentication number counting means of bridge 
is unit that counts the authentication number for 
bridge unit that is the number of the authentications 
carried out by said authentication means on the 
transmission side; and 

an authentication means on the reception side for 
20 bridge unit that carries out authentication for said 
transmission unit, 

wherein said transmission unit has: an authenti- 
cation means on the transmission side for carrying out 

25 authentication for said reception unit that is connected 
to said bridge unit or for said network; and an authenti- 
cation number counting means of counting the authen- 
tication number that is the number of the authentications 
carried out by said authentication means on the trans- 

30 mission side, 

wherein said reception unit has an authentication 
means on the reception side that carries out authenti- 
cation for said transmission unit connected to said 
bridge unit or for said other network, and 

35 wherein said authentication number counted by 
said authentication means on the transmission side is 
limited. 

[0079] The 49th invention of the present invention 
(corresponding to claim 49) is a copyright protection 

^o method of transmitting data requiring copy protection 
from a transmission unit, by utilizing a network, to at 
least one, or more, reception unit that is connected to 
said network and that receives and utilizes said data re- 
quiring copyright protection, wherein that copyright pro- 

^5 tection method is characterized in that said transmission 
unit counts the authentication numberthat is the number 
of authentications carried out on said reception unit, and 
in that 

said authentication number is limited. 
50 [0080] The 50th invention of the present invention 
(corresponding to claim 50) is a medium that can be 
processed by a computer and that is a medium holding 
a program for allowing a computer to function as the en- 
tirety, or a part, of: 

55 

the authentication means on the reception side in 
said reception un it for carrying out authentication for 
said authentication means on the transmission 
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side; 

the authentication means on the transmission side 
■In said transmission unit for carrying out authenti- 
cation for said reception unit; and 
the authentication number counting means of 
counting the authentication number that is the 
number of authentications carried out by said au- 
thentication means on the transmission side, 

in the copyright protection system according to the 1st 
invention. 

[0081] The 51st invention of the present invention 
(corresponding to claim 51) is a program for allowing a 
computer to function as the entirety, or a part, of: 

the authentication means on the reception side in 
said reception unit for carrying out authentication for 
said authentication means on the transmission 
side; 

the authentication means on the transmission side 
in said transmission unit for carrying out authenti- 
cation for said reception unit; and 
the authentication number counting means of 
counting the authentication number that is the 
number of authentications carried out by said au- 
thentication means on the transmission side, 

in the copyright protection system according to the 1st 
invention. 

[0082] Here, another aspect of the first invention is the 
transmission unit according to the forty-sixth present in- 
vention characterized in that the above authentication 
number counting means adds the above authentication 
number when the above authentication means on the 
transmission side successfully carries out authentica- 
tion. The present invention may be this aspect of the first 
invention, 

[0083] In addition, another aspect of the second in- 
vention is the transmission unit according to the forty- 
sixth present invention characterized in that the above 
reception unit does not again request authentication as 
long as the above authentication is not reset due to a 
predetermined cause in the case that authentication is 
successfully carried out on the above authentication 
means on the transmission side. The present invention 
may be this aspect of the second invention. 
[0084] In addition, another aspect of the third inven- 
tion is the transmission unit according to the above as- 
pect of the second invention characterized by compris- 
ing a bridge unit for connecting the above network to 
another network, 

wherein the bridge unit is handled in the same 
manner as the above reception unit in the above net- 
work to which the transmission unit is connected, and 

wherein the above bridge unit can again request 
authentication. The present invention may be the above 
aspect of the third invention. 

[0085] In addition, another aspect of the fourth inven- 



tion is the transmission unit according to the above as- 
pect of the first invention characterized in that the above 
authentication means on the transmission side does not 
accept the authentication request even if there is, again, 

5 an authentication request from the above reception unit 
as long as the above authentication is not reset due to 
a predetermined cause in the case that authentication 
is successfully carried out on the above reception unit. 
The present invention may be the above aspect of the 

10 fourth invention. 

[0086] In addition, another aspect of the fifth invention 
is the transmission unit according to the above aspect 
of the fourth invention characterized by comprising a 
bridge unit for connecting the above network to another 

is network, 

wherein the bridge unit is handled in the same 
manner as the above reception unit in the above net- 
work to which the transmission unit is connected, and 
wherein the above authentication means on the 

20 transmission side accepts an authentication request in 
the case that the authentication request is carried out 
from the above bridge unit. The present invention may 
be the above aspect of the fifth invention. 
[0087] In addition, another aspect of the sixth inven- 
ts tion is the transmission unit according to the above as- 
pect of the first invention characterized in that the above 
authentication means on the transmission side carries 
out authentication again on the above reception unit in 
the case that authentication is successfully carried out 

30 on the above reception unit while the above authentica- 
tion number counting means does not add the above 
authentication number even if the authentication is suc- 
cessful as long as the above authentication is not reset 
due to a predetermined cause. The present invention 

35 may be the above aspect of the sixth invention. 

[0088] tn addition, another aspect of the seventh in- 
vention is the transmission unit of the above aspect of 
the sixth invention characterized by comprising a bridge 
unit for connecting the above network to another net- 

40 work, 

wherein the bridge unit is handled in the same 
manner as the above reception unit in the above net- 
work to which the transmission unit is connected, and 
wherein the above authentication number count- 

45 ing means adds the above authentication number in the 
case that authentication is, again, carried out success- 
fully on the above bridge unit. The present invention may 
be the above aspect of the seventh invention. 
[0089] In addition, another aspect of the eighth inven- 

50 tion is the transmission unit according to any of the 
above aspects of the second to seventh inventions, 
characterized by having: 

a registration means of registering information that 
55 specifies the above reception unit in the case that 
the above authentication means on the transmis- 
sion side successfully carries out authentication for 
the above reception unit; and 
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a redundancy determination means of determining 
whether or not an authentication request is from the 
above reception unit, on which the authentication 
has already been carried out successfully, by utiliz- 
ing the registered information that specifies the 
above reception unit when the authentication re- 
quest is required by the above reception unit. The 
present invention may be the above aspect of the 
eighth invention. 

[0090] In addition, another aspect of the ninth inven- 
tion is the transmission unit according to any of the 
above aspects of the second to seventh inventions char- 
acterized in that said reset of authentication occurs at 
the time when the update of the key is carried out. The 
present invention may be the above aspect of the ninth 
invention. 

[0091] In addition, another aspect of the tenth inven- 
tion is the transmission unit of any of the above aspects 
of the second to seventh inventions characterized in that 
said reset of authentication occurs at the time when the 
update of the exchange key is carried out. The present 
invention is the above aspect of the tenth invention. 
[0092] In addition, another aspect of the eleventh in- 
vention is the transmission unit of the above aspect of 
the ninth invention, characterized by comprising a 
bridge unit for connecting the above network to another 
network, 

wherein the bridge unit is handled in the same 
manner as the above reception unit in the above net- 
work to which the transmission unit is connected, and 

wherein the above reset of authentication is car- 
ried out in the above other network in the case that the 
above authentication means on the transmission side 
carries out the above update of the key. The present in- 
vention may be the above aspect of the eleventh inven- 
tion. 

[0093] In addition, another aspect of the twelfth inven- 
tion is the transmission unit according any of the above 
aspects of the second to seventh inventions, character- 
ized in that the above reset of authentication occurs at 
the time when a bus reset is carried out. The present 
invention may be the above aspect of the twelfth inven- 
tion. 

[0094] In addition, another aspect of the thirteenth in- 
vention is the transmission unit of the above aspect of 
the twelfth invention characterized by comprising a 
bridge unit for connecting the above network to another 
network, 

wherein the bridge unit is handled in the same 
manner as the above reception unit in the network to 
which the transmission unit is connected, and 

wherein the above reset of authentication is car- 
ried out in the above other network in the case that the 
above bus reset is carried out in the above network to 
which the transmission unit is connected. The present 
invention may be the above aspect of the thirteenth in- 
vention. 



[0095] In addition, another aspect of the fourteenth in- 
tervention is the transmission unit according to the 
present forty-sixth invention, characterized in that the 
limitation of the above authentication number indicates 

5 that the above authentication means on the transmis- 
sion side does not accept an authentication request 
from the above reception unit in the case that the above 
authentication number becomes a predetermined val- 
ue, or greater. The present invention may be the above 

io aspect of the fourteenth invention. 

[0096] In addition, another aspect of the fifteenth in- 
vention is the transmission unit according to the present 
forty-sixth invention, characterized in that the above au- 
thentication number counting means subtracts, the 

15 above authentication number in the case that the above 
reception unit that has successfully carried out authen- 
tication for said authentication means on the transmis- 
sion side stops the utilization of the above data requiring 
copyright protection that is sent from the transmission 

20 unit. The present invention may be the other aspect of 
the fifteenth invention. 

[0097] In addition, another aspect of the sixteenth in- 
vention is the transmission unit of the above aspect of 
the fifteenth invention, characterized by comprising a 
25 bridge unit for connecting said network to another net- 
work, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to which 
the transmission unit is connected, and 

30 wherein "the above bridge unit stops the utilization 
of the above data requiring copyright protection that is 
sent from the transmission unit" indicates that all of the 
above reception units connected to the above other net- 
work stop the utilization of the above data requiring cop- 

35 yright protection sent from the transmission unit. The 
present invention may be the above aspect of the six- 
teenth invention. 

[0098] In addition, another aspect of the seventeenth 
invention is the transmission unit of the aspect of the 

40 fifteenth invention, characterized by comprising a regis- 
tration means of registering information that specifies 
the above reception unit that has successfully carried 
out authentication for the above authentication means 
on the transmission side, 

45 wherein the above registration means cancels the 
registration of the information that specifies the recep- 
tion unit that has successfully carried out authentication 
for the above authentication means on the transmission 
side. The present invention may be the above aspect of 

50 the seventeenth invention. 

[0099] In addition, another aspect of the eighteenth 
invention is the transmission unit according to the above 
aspect of the fifteenth invention, characterized in that 
the above reception unit is provided with an examination 

55 means of examining whether or not the utilization of the 
above data requiring copyright protection is stopped. 
The present invention may be the above aspect of the 
eighteenth invention. 
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[0100] In addition, another aspect of the nineteenth 
invention is the transmission unit according to the above 
aspect of the eighteenth invention, characterized in that 
to stop the utilization of the above data requiring copy- 
right protection indicates that the above reception unit 
is detached from the above network, and 

the above examination means periodically exam- 
ines whether or not said reception unit is detached from 
the above network. The present invention may be the 
above aspect of the nineteenth invention. 
[0101] In addition, another aspect of the twentieth in- 
vention is the transmission unit according to the above 
aspect of the nineteenth invention, characterized in that 
the examination in the above indicates the periodic ex- 
amination of the connection number that is the number 
of the above reception unit connected to the above net- 
work and the checking of which of the above reception 
units is detached from the above network in the case 
that the above connection number is reduced. The 
present invention may be the above aspect of the twen- 
tieth invention. 

[0102] In addition, another aspect of the twenty-first 
invention is the transmission unit according to the above 
aspect of the eighteenth invention, characterized in that 
the above examination means examines the operation 
condition of the above reception unit and/or the active 
condition of the connection plug and, thereby, checks 
whether or not the above reception unit has stopped the 
utilization of the above data requiring copyright protec- 
tion, and 

the above authentication number counting means 
subtracts the above authentication means in the case 
that the above reception unit does not utilize'the above 
data requiring copyright protection as a result of the 
above examination by the examination means. The 
present invention may be the above aspect of the twen- 
ty-first invention. 

[0103] In addition, another aspect of the twenty-sec- 
ond invention is the transmission unit according to the 
above aspect of the nineteenth or twentieth invention, 
characterized in that the above examination means has 
a correspondence table that makes information for 
specifying said reception unit correspond to the signa- 
ture of this reception unit, 

the above examination means determines wheth- 
er or not authentication has been carried out on the 
above reception unit that is detached from the above 
network by utilizing the above correspondence table, 
and 

the above authentication number counting means 
subtracts the above authentication number in the case 
that the above determination result indicates that au- 
thentication has been carried out on the above reception 
unit that is detached from the above network. The 
present invention may be the above aspect of the twen- 
ty-second invention. 

[0104] In addition, another aspect of the twenty-third 
invention is the transmission unit of the above aspect of 



the fifteenth invention, characterized in that the above 
authentication means on the transmission side carries 
out a decrement authentication request on the above 
authentication means on the transmission side for sub- 

5 tracting the above authentication number in the case 
that the above reception unit stops the utilization of the 
above data requiring copyright protection that is trans- 
mitted from the transmission unit, 

the above authentication means on the transmis- 

10 slon side carries out the above decrement authentica- 
tion for the above authentication means on the reception 
side, and 

the above authentication number counting means 
subtracts the above authentication number when the 
15 above decrement authentication is successful. The 
present invention may be the above aspect of the twenty 
third invention. 

[0105] In addition, another aspect of the twenty-fourth 
invention is the transmission unit according to the above 

20 aspect of the twenty-third invention, characterized in 
that a command for decrement authentication that is a 
command for carrying out the above decrement authen- 
tication is prepared separately from an authentication 
command that is a command for carrying out authenti- 

25 cation at the time of utilization of the above data requir- 
ing copyright protection. The present invention may be 
the above aspect of the twenty-fourth invention. 
[0106] In addition, another aspect of the twenty-fifth 
invention is the transmission unit of the above aspect of 

30 the twenty-third or twenty-fourth invention, character- 
ized in that the above data requiring copyright protection 
is encrypted, and 

the above reception unit abandons the key for de- 
coding the above data requiring copyright protection 

35 when the above decrement authentication is successful. 
The present invention may be the above aspect of the 
twenty-fifth invention. 

[01 07] In addition, another aspect of the twenty-sixth 
invention is the transmission unit according to the above 

40 aspect of the twenty-third or twenty-fourth invention, 
characterized in that the above decrement authentica- 
tion differs from the authentication for utilizing the above 
data requiring copyright protection in, at least, one or 
more of the signature, the authentication method or the 

45 operational equation. The present invention may be the 
above aspect of the twenty-sixth Invention. 
[0108] In addition, another aspect of the twenty-sev- 
enth invention is the transmission unit according to the 
above aspect of the seventeenth invention, character- 

50 jzed in that the above authentication number counting 
means initialized the above authentication number and 
the above registration means cancels all of the registra- 
tions of information for specifying a reception unit that 
has successfully carried out authentication for the above 

55 authentication means on the transmission side in the 
case that authentication is reset due to a predetermined 
cause.. The present invention may be the above aspect 
of the twenty-seventh invention. 
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[0109] In addition, another aspect of the twenty-eighth 
invention is the reception unit according to the present 
forty«seventh invention, characterized in that the above 
authentication number counting means adds the above 
authentication number when the above authentication 
means on the transmission side successfully carries out 
authentication. The present invention may be the above 
aspect of the twenty-eighth invention. 
[0110] In addition, another aspect of the twenty-ninth 
invention is the reception unit according to the above 
aspect of the twenty-eighth invention, characterized in 
that the above authentication means on the reception 
side does not, again, carry out an authentication request 
as long as the above authentication is not reset due to 
a predetermined cause in the case that authentication 
is successfully carried out on the above transmission 
unit. The present, invention may be the above aspect of 
the twenty-ninth invention. 

[0111] In addition, another aspect of the thirtieth in- 
vention is the reception unit according to the above as- 
pect of the twenty- ninth invention, characterized by 
comprising a bridge unit for connecting the above net- 
work to another network, 

wherein the bridge unit is handled in the same 
manner as a reception unit in the above network to 
which the above transmission unit is connected, and 

wherein the above bridge unit can again carry out 
an authentication request. The present invention may 
be the above aspect of the thirtieth invention. 
[0112] In addition, another aspect of the thirty-first in- 
vention is the reception unit according to the above as- 
pect of the twenty-eighth invention, characterized in that 
the above transmission unit does not accept an authen- 
tication request when the authentication request is 
again required by the above authentication means on 
the reception side as long as the above authentication 
is not reset due to a predetermined cause in the case 
that authentication is successfully carried out on the 
above authentication means on the reception side. The 
present invention may be the above aspect of the thirty- 
first invention. 

[0113] In addition, another aspect of the thirty-second 
invention is the reception unit according to the above 
aspect of the thirty-first invention, characterized by be- 
ing a bridge unit for connecting the above network to 
another network, 

wherein the bridge unit is handled in the same 
manner as the reception unit in the above network to 
which the above transmission unit is connected, and 

wherein the above transmission unit accepts an 
authentication request in the case that the authentica- 
tion request is carried out by the above bridge unit. The 
present invention may be the above aspect of the thirty- 
second invention. 

[01 14] In addition, another aspect of the thirty-third in- 
vention is the reception unit according to the above as- 
pect of the twenty-eighth invention, characterized in that 
the above transmission unit carries out authentication, 



again, on the above authentication means on the recep- 
tion side in the case that authentication is successfully 
carried out on the above authentication means on the 
reception side while the above authentication number 

5 counting means does not add the above authentication 
number, even if the authentication is successful, as long 
as the above authentication is not reset due to a prede- 
termined cause. The present invention may be the 
above aspect of the thirty-third invention. 

10 [0115] In addition, another aspect of the thirty-fourth 
invention is the reception unit according to the above 
aspect of the thirty-third invention, characterized by be- 
ing a bridge unit for connecting the above network to 
another network, 

15 wherein the bridge unit is handled in the same 
manner as the reception unit in the above network to 
which the above transmission unit is connected, and 

wherein the above authentication number count- 
ing means adds the above authentication number in the 

20 case that authentication is again carried out successful- 
ly on the above bridge unit. The present invention may 
be the above aspect of the thirty-fourth invention. 
[0116] In addition, another aspect of the thirty-fifth in- 
vention is the reception unit according to the any of the 

25 above aspects of the twenty-ninth to thirty-fourth inven- 
tions, characterized in that the above authentication 
means on the transmission side has: a registration 
means of registering information that specifies the 
above authentication means on the reception side in the 

30 case that authentication is successfully carried out for 
the above authentication means on the reception side; 
and 

a redundancy determination means of determin- 
ing whether or not an authentication request is an au- 

35 thentication request from the above authentication 
means on the reception side for which authentication 
has already been successfully carried out by utilizing the 
registered information that specifies the above authen- 
tication means on the reception side when an authenti- 

40 cation request is carried out by the above authentication 
means on the reception side. The present invention may 
be the above aspect of the thirty-fifth invention. 
[0117] In addition, another aspect of the thirty-sixth in- 
vention is the reception unit according to the any of the 

45 above aspects of the twenty-ninth to thirty-fourth inven- 
tions, characterized in that the above reset of authenti- 
cation occurs at the time when the update of the key is 
carried out. The present invention may be the above as- 
pect of the thirty-sixth invention. 

so [0118] In addition, another aspect of the thirty-sev- 
enth invention is the reception unit according to the any 
of the above aspects of the twenty-ninth to thirty-fourth 
inventions, characterized in that the above reset of au- 
thentication occurs at the time when the update of the 

55 exchange key is carried out. The present invention may 
be the above aspect of the thirty-seventh invention. 
[0119] In addition, another aspect of the thirty-eighth 
invention is the reception unit according to the above 
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aspect of the thirty-sixth invention, characterized by be- 
ing a bridge unit for connecting the above network to 
another network, 

wherein the bridge unit is handled in the same 
manner as a reception unit in the above network to 5 
which the above transmission unit is connected, and 

wherein the above reset of authentication is car- 
ried out in the above other network in the case that the 
above transmission unit carries out the above update of 
the key. The present invention may be the above aspect 10 
c of the thirty-eighth invention. 

[0120] In addition, another aspect of the thirty-ninth 
invention is the reception unit according to the any of 
the above aspects of the twenty-ninth to thirty-fourth in- 
ventions, characterized in that the above reset of au- 15 
thentication occurs at the time when a bus reset is car- 
ried out. The present invention may be the above aspect 
of the thirty-ninth invention. 

[0121] In addition, another aspect of the fortieth in- 
vention is the reception unit according to the above as- 20 
pect of the thirty-ninth invention, characterized by being 
a bridge unit for connecting the above networkto anoth- 
er network, 

wherein the bridge unit is handled in the same 
manner as a reception unit in the above network to 25 
which the above transmission unit is connected, and 

wherein the above reset of authentication is car- 
ried out in the above other network in the case that the 
above bus reset is carried out in the above network to 
which the transmission unit is connected. The present 30 
invention may be the above aspect of the fortieth inven- 
tion. 

[01 22] In addition, another aspect of the forty-first in- 
vention is the reception unit according to the present for- 
ty-seventh invention, characterized in that the above 35 
limitation in the authentication number indicates that the 
above authentication means on the transmission side 
does not accept an authentication request from the 
above authentication means on the reception side in the 
case that the above authentication number becomes a 40 
predetermined value, or greater. The present invention 
may be the above aspect of the forty-first invention. 
[0123] In addition, another aspect of the forty-second 
invention is the reception unit according to present forty- 
seventh invention, characterized in that the above au- 45 
thentication number counting means subtracts the 
above authentication number in the case that the above 
authentication means on the reception side that has 
successfully carried out authentication forthe above au- 
thentication means on the transmission side stops the so 
utilization of the above data requiring copyright protec- 
tion that is transmitted from the above transmission unit. 
The present invention may be the above aspect of the 
forty-second invention. 

[0124] In addition, another aspect of the forty-third in- 55 
vention is the reception unit according to the above as- 
pect of the forty-second invention, characterized by be- 
ing a bridge unit for connecting the above network to 
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another network, 

wherein the bridge unit is handled in the same 
manner as a reception unit in the above network to 
which the above transmission unit is connected, and 

wherein "the above bridge unit stops the utilization 
of the above data requiring copyright protection that is 
transmitted from the above transmission unit" indicates 
that all of the reception units connected to the above 
other network stop the utilization the above data requir- 
ing copyright protection transmitted from the above 
transmission unit. The present invention may be the 
above aspect of the forty-third invention. 
[0125] In addition, another aspect of the forty-fourth 
invention is the reception unit according to the above 
aspect of the forty-second invention, characterized in 
that the above transmission unit has a registration 
means of registering information that specifies the 
above authentication means on the reception side that 
has successfully carried out authentication forthe above 
authentication means on the transmission side, and 

the above registration means cancels the registra- 
tion of the information that specifies the above authen- 
tication means on the reception side that has success- 
fully carried out authentication for the above authentica- 
tion means on the transmission side in the case that the 
above authentication number counting means subtracts 
the above authentication number. The present invention 
may be the above aspect of the forty-fourth invention. 
[01 26] In addition, another aspect of the forty-fifth in- 
vention is the reception unit according to the above as- 
pect of the forty-second invention, characterized in that 
the above transmission unit has an examination means 
of examining whether or not the reception unit has 
stopped the utilization of the above data requiring cop- 
yright protection. The present invention may be the 
above aspect of the forty-fifth invention. 
[0127] In addition, another aspect of the forty-sixth in- 
vention is the reception unit according to the above as- 
pect of the forty-fifth invention, characterized in that to 
stop the utilization of the above data requiring copyright 
protection indicates that the above reception unit is de- 
tached from the above network, and 

the above examination means periodically exam- 
ines whether or not the above reception unit is detached 
from the above network. The present invention may be 
the above aspect of the forty-sixth invention. 
[0128] In addition, another aspect of the forty-seventh 
invention is the reception unit according to the above 
aspect of the forty-sixth invention, characterized in that 
the above examination indicates the periodic examina- 
tion of the connection number that is the number of re- 
ception units connected to the above network and the 
checking of which reception unit is detached from the 
above network in the case that the above connection 
number is reduced. The present invention may be the 
above aspect of the forty-seventh invention. 
[0129] In addition, another aspect of the forty-eighth 
invention is the reception unit according to the above 
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aspect of the forty-fifth invention, characterized in that 
the above examination means checks if the reception 
unit feas stopped the utilization of the above data requir- 
ing copyright protection by examining the operational 
condition of the above reception unit and/or the active 
condition of the connection plug, and 

the above authentication number counting means 
subtracts the above authentication number in the case 
that the above reception unit does not utilize the above 
data requiring copyright protection as a result of the 
above examination by the examination means. The 
present invention may be the above aspect of the forty- 
eighth invention. 

[0130] In addition, another aspect of the forty-ninth in- 
vention is the reception unit according to the above as- 
pect of the forty-sixth or forty-seventh invention, char- 
acterized in that the above examination means has a 
correspondence table for making information that spec- 
ifies the reception unit correspond to the signature of 
this reception unit, 

the above examination means determines wheth- 
er or not authentication has been carried out on the 
above reception unit that is detached from the above 
network by utilizing the above correspondence table, 
and 

the above authentication number counting means 
subtracts the above authentication number in the case 
that the above determination result indicates that au- 
thentication has been carried out on the above reception 
unit that is detached from the above network. The 
present invention may be the above aspect of the forty- 
ninth invention. 

[0131] In addition, another aspect of the fiftieth inven- 
tion is the reception unit according to the above aspect 
of the forty-second invention, characterized in that the 
above authentication means on the reception side car- 
ries out a decrement authentication request on the 
above transmission unit to subtract the above authenti- 
cation number in the case that the reception unit stops 
the utilization of the above data requiring copyright pro- 
tection that is transmitted from the above transmission 
unit, 

the above authentication means on the transmis- 
sion side carries out the above decrement authentica- 
tion for the above authentication means on the reception 
side, and 

the above authentication number counting means 
subtracts the above authentication number in the case 
that the above decrement authentication is successful. 
The present invention may be the above aspect of the 
fiftieth invention. 

[0132] In addition, another aspect of the fifty-first in- 
vention is the reception unit according to the above as- 
pect of the fiftieth invention, characterized in that a com- 
mand for decrement authentication that is a command 
for carrying out the above decrement authentication is 
prepared separately from an authentication command 
that is a command for carrying out authentication at the 



time of the utilization of the above data requiring copy- 
right protection. The present invention may be the above 
aspect of the fifty-first invention. 
[0133] In addition, another aspect of the fifty-second 

5 invention is the reception unit according to the above 
aspect of the fiftieth or fifty-first invention, characterized 
in that the above data requiring copyright protection is 
encrypted, and 

the reception unit abandons the key for decoding 

10 the above data requiring copyright protection when the 
above decrement authentication is successful. The 
present invention may be the above aspect of the fifty- 
second invention. 

[0134] In addition, another aspect of the fifty-third in- 
13 vention is the reception unit according to the above as- 
pect of the fiftieth or fifty-first invention, characterized in 
that the above decrement authentication differs from the 
authentication for utilizing the above data requiring cop- 
yright protection in, at least, one or more of the signa- 
20 ture, the authentication method and the operational 
equation. The present invention may be the above as- 
pect of the fifty-third invention. 
[0135] In addition, another aspect of the fifty-fourth in- 
vention is the reception unit according to the above as- 
25 pect of the forty-fourth invention, characterized in that 
the above authentication number counting means ini- 
tializes the above authentication number and the above 
registration means cancels all of the registrations of in- 
formation that specify the reception unit that have sue- 
so cessfully carried out authentication for the above au- 
thentication means on the transmission side in the case 
that the authentication is reset due to a predetermined 
cause. The present invention may be the above aspect 
of the fifty-fourth invention. 
35 [0136] In addition, another aspect of the fifty-fifth in- 
vention is the bridge unit according to the present forty- 
eighth invention, characterized by being handled in the 
same manner as the above transmission unit in the 
above other network, 
40 wherein, in the case that an authentication request 
is carried out by the above reception unit connected to 
the above other network, the above authentication 
means on the reception side for the bridge unit carries 
out authentication for the above transmission unit that 
45 is connected to the above network before the above au- 
thentication means on the transmission side for the 
bridge unit carries out authentication for the reception 
unit and in the case that the authentication of this trans- 
mission unit is successful, the above authentication 
so means on the transmission side for the bridge unit car- 
ries out authentication for the above reception unit. The 
present invention may be the above aspect of the fifty- 
fifth invention. 

[01 37] In addition , another aspect of the fifty-sixth in- 
55 vention is the bridge unit according to the present forty- 
eighth invention, characterized in that the above authen- 
tication means on the reception side for the bridge unit 
carries out decrement authentication for subtracting the 
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above authentication number, which is counted by the 
above authentication number counting means of the 
above transmission unit connected to the above net- 
work, on the above transmission unit connected to the 
above network in the case that subtraction is carried out 
on the above authentication number counting means of 
the bridge unit. The present invention may be the above 
aspect of the fifty-sixth invention. 
[0138] In addition, another aspect of the fifty-seventh 
invention is the bridge unit according to the present for- 
ty-eighth invention, characterized in that the above au- 
thentication number counting means of the bridge unit 
counts the authentication number that is the number of 
the successful authentications carried out by the above 
authentication means on the transmission side for the 
bridge unit on the above reception unit connected to the 
above other network. The present invention may be the 
above aspect of the fifty-seventh invention. 
[0139] In addition, another aspect of the fifty-eighth 
invention is the bridge unit according to the aspect of 
the fifty-seventh invention, characterized in that the 
above authentication means on the reception side for 
the above bridge unit carries out authentication for the 
above transmission unit that is newly connected accord- 
ing to the number of times the above authentication 
number that is counted by the above authentication 
number counting means of the bridge unit in the case 
that the above transmission unit is newly connected to 
the above network. The present invention may be the 
above aspect of the fifty-eighth invention. 
[0140] In addition, another aspect of the fifty-ninth in- 
vention is the bridge unit according to the above aspect 
of the fifty-fifth invention, characterized by comprising a 
key counting means of counting the limitation number 
of the permissions allocated by the above transmission 
unit connected to the above network, 

wherein the above authentication number count- 
ing means of the bridge unit counts the above authen- 
tication number that is the number of successful authen- 
tications carried out on the above reception unit con- 
nected to the above other network, 

the number of successful authentications that are 
carried out on the above transmission unit connected to 
the above network is assumed to be the above limitation 
number of the permissions counted by the above key 
counter, 

wherein the above authentication means on the 
reception side for the bridge unit does not carried out 
decrement authentication for the above transmission 
unit that is connected to the above network but, rather, 
the above authentication means on the transmission 
side for the bridge unit carries out decrement authenti- 
cation for the reception unit in the case that a decrement 
authentication request for subtracting the above authen- 
tication number that is counted by the above authenti- 
cation number counting means of the bridge unit is car- 
ried out by the above reception unit connected to the 
above other network, 



wherein the above authentication number count- 
ing means of the bridge unit subtracts the above authen- 
tication number when the above decrement authentica- 
tion is successful, 

s wherein the authentication means on the trans- 

mission side forthe bridge unit carries out authentication 
for the reception unit in the case that the above limitation 
number of the permissions is smaller than the above au- 
thentication number that is counted by the above au- 

10 thentication number counting means of the bridge unit 
at the time when an authentication request is newly car- 
ried out by the above reception unit connected to the 
above other network, and 

wherein the above authentication means on the 

15 reception side for the bridge unit carries out authentica- 
tion for the above transmission unit connected to the 
above network before authentication is carried out on 
the reception unit in the case that the above limitation 
number of permissions is not smaller than the above au- 

20 thentication number counted by the above authentica- 
tion number counting means of the bridge unit and, in 
the case that the authentication is successful, the above 
authentication means on the transmission side for the 
bridge unit carries out authentication for the reception 

25 unit. The present invention may be the above aspect of 
the fifty-ninth invention. 

[0141] In addition, another aspect of the sixtieth in- 
vention is the bridge unit according to the present forty- 
eighth invention, wherein the above bridge unit compris- 

30 es a key counting means of counting the limitation 
number of the permissions allocated by the above trans- 
mission unit that is connected to the above network, 

wherein the data sent from the above transmission 
unit that is connected to the above network is again en- 

35 crypted so as to be transmitted to the above reception 
unit that is connected to the above other network, and 
wherein the above authentication number count- 
ing means of the bridge unit counts the authentication 
number that is the successful number of authentications 

40 carried out on the above reception unit that is connected 
to the above other network by the above authentication 
means on the transmission side for the bridge unit. The 
present invention may be the above aspect of the sixti- 
eth invention. 

^5 [0142] In addition, another aspect of the sixty-first in- 
vention is the bridge unit according to the above aspect 
of the sixtieth invention, characterized by permitting an 
authentication request when the authentication request 
is carried out by the above reception unit that is connect- 
so ed to the above other network in the case that the above 
authentication number counted by the above authenti- 
cation number counting means of the bridge unit and 
the above limitation number of permissions counted by 
the above key counting means are greater than the 
55 above authentication number counted by the above au- 
thentication number counting means of the bridge unit. 
The present invention may be the above aspect of the 
sixty-first invention. 
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[0143] In addition, another aspect of the sixty-second 
invention is the bridge unit according to the above as- 
pect of the sixty-first invention, characterized in that the 
upper limit of the limitation number of permissions 
counted by the above key counting means is given in 
advance by the above transmission unit that is connect- 
ed to the above network. The present invention may be 
the above aspect of the sixty-second invention. 
[0144] In addition, another aspect of the sixty-third in- 
vention is the bridge unit according to the above aspect 
of the sixty-first invention, characterized in that the up- 
per limit of the limitation number of permissions counted 
by the above key counting means is added by the above 
authentication means on the reception side for the 
bridge unit carrying out authentication for the above 
transmission unit that is connected to the above net- 
work. The present invention may be the above aspect 
of the sixty-third invention. 

[0145] In addition, another aspect of the sixty-fourth 
invention is the bridge unit according to the above as- 
pect of the sixtieth invention, characterized in that the 
above authentication means on the transmission side 
for the bridge unit rejects an authentication request 
when the authentication request is carried out by the 
above reception unit that is connected to the above oth- 
er network in the case that the above limitation number 
of permissions counted by the above key counting 
means is not greater than the above authentication 
number counted by the above authentication number 
counting means of the bridge unit. The present invention 
may be the above aspect of the sixty-fourth invention. 
[0146] In addition, another aspect of the sixty-fifth in- 
vention is the bridge unit according to the above aspect 
of the sixtieth invention, characterized in that the above 
authentication means on the transmission side for the 
bridge unit calls on the above transmission unit that is 
connected to the above network to add the above limi- 
tation number of permissions when an authentication re- 
quest is carried out by the above reception unit that is 
connected to the above other network in the case that 
the above limitation number of permissions counted by 
the above key counting means is not greater than the 
above authentication number counted by the above au- 
thentication number counting means of the bridge unit. 
The present invention may be the above aspect of the 
sixty-fifth invention. 

[0147] In addition, another aspect of the sixty-sixth in- 
vention is the bridge unit according to the above aspect 
of the thirty-fifth invention, characterized in that the 
above authentication means on the reception side for 
the bridge unit carries out an authentication request on 
the above transmission unit that is connected to the 
above network and in the case that the above authenti- 
cation is successful, the above key counting means 
adds the above limitation number of permissions when 
an authentication request is carried out by the above re- 
ception unit connected to the above other network in the 
case that the above limitation number of permissions 



counted by the above key counting means is not greater 
than the above authentication number counted by the 
above authentication number counting means of the 
bridge unit. The present invention may be the above as- 

5 pect of the sixty-sixth invention. 

[0148] In addition, another aspect of the sixty-seventh 
invention is the bridge unit according to the present for- 
ty-eighth invention, characterized in that the above au- 
thentication means on the reception side for the bridge 

10 unit makes a notification of the number of the above re- 
ception units that are connected to the above other net- 
work and that carry out an authentication request to the 
above transmission unit that is connected to the above 
network whenever an authentication request is carried 

15 out by the above reception unit connected to the above 
other network on the above authentication means on the 
transmission side for the bridge unit. The present inven- 
tion may be the above aspect of the sixty-seventh in- 
vention. 

20 [0149] In addition, another aspect of the sixty-eighth 
invention is the bridge unit according to the above as- 
pect of the sixty-seventh invention, characterized in that 
an authentication command for carrying out an authen- 
tication request on the above transmission unit connect- 

25 ed to the above network by the above authentication 
means on the reception side for the bridge unit is pro- 
vided with a field for making the above notification of the 
number and the above authentication means on the re- 
ception side for the bridge unit makes the above notifi- 

30 cation of the number by utilizing the above field. The 
present invention may be the above aspect of the sixty- 
eighth invention. 

[01 50] In addition, another aspect of the sixty-ninth in- 
vention is the bridge unit according to the present forty- 

35 eighth invention, characterized in that an authentication 
command for carrying out an authentication request on 
the above transmission unit connected to the above net- 
work by the above authentication means on the recep- 
tion side for the bridge unit is discriminated from an au- 

40 thentication command for carrying out an authentication 
request on the above transmission unit connected to the 
above network by the above reception unit that is con- 
nected to the above network and does not have a func- 
tion to the above bridge unit. The present invention may 

45 be the above aspect of the sixty-ninth invention. 

[0151] in addition, another aspect of the seventieth in- 
vention is the bridge unit according to the above aspect 
of the sixty-ninth invention, characterized in that the 
above discrimination is carried out by the signature at- 

50 tached to the above authentication command. The 
present invention may be the above aspect of the sev- 
entieth invention. 
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Brief Description of the Drawings 
[0152] 

Fig 1 is a diagram showing the configuration of a 
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copyright protection system according to the first to 
seventh embodiments of the present invention; 
Fig 2 is a diagram showing the configuration of an 
STB according to the first embodiment of the 
present invention; 

Fig 3 is a diagram showing the configuration of a 
TV 30 according to the first, second, seventh and 
eighth embodiments of the present invention; 
Fig 4 is a diagram showing examples of authentica- 
tion numbers counted by an authentication number 
counting means and device information stored by a 
device information storage means according to the 
first embodiment of the present invention; 
Fig 5 is a diagram showing the configuration of an 
STB 40 according to the second, seventh and 
eighth embodiments of the present invention; 
Fig 6 is a diagram showing examples of authentica- 
tion numbers counted by an authentication number 
counting means and device information stored by a 
device information storage means according to the 
second embodiment of the present invention; 
Fig 7 is a diagram showing the configuration of an 
STB according to the third embodiment of the 
present invention; 

Fig 8 is a diagram showing the configuration of a 
TV according to the third and fourth embodiments 
of the present invention; 

Fig 9 is a diagram showing the configuration of an 
STB according to the fourth embodiment of the 
present invention; 

Fig 10 is a diagram showing the configuration of a 
bridge unit according to the fifth embodiment of the 
present invention; 

Fig 1 1 is a state machine diagram for describing the 
operation of the bridge unit according to the fifth em- 
bodiment of the present invention; and 
Fig 12 is a diagram showing the configuration of a 
bus system according to a prior art. 

Explanation of Numerals 

[0153] 



9 sink 5 

20 STB 

s 21 D-l/F on transmission side 

22 encryption means 

23 authentication means on transmission side 

10 

24 authentication number counting means 

25 upper limit authentication number storage means 
is 26 count adjustment and determination mean 

27 device information storage means 

28 authentication selection means on the transmis- 
20 sion side 

29 authentication rule storage means on the trans- 
mission side 

25 30 TV 

31 D-l/F on the reception side 

32 decoding means 

30 

33 authentication request means 

34 authentication means on the reception side 

35 35 authentication selection means on the reception 
side 

36 authentication rule storage means on the recep- 
tion side 
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Preferred Embodiments for Carrying Out the Invention 
[0154] In the following, the embodiments of the 
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IEEE 1394 bus #1 


45 


present invention are described in reference to the 
drawings. 
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IEEE 1394 bus #2 












(First Embodiment) 

[01 55] First, the first embodiment is herein described. 


3 


source 




4 


sink 0 


50 


[01 56] Fig 1 shows a copyright protection system ac- 
cording to the present embodiment. 


5 


sink 1 




[01 57] In the copyright protection system according to 
the present embodiment, IEEE 1394 bus #1 (1) and 


6 


sink 2 (bridge unit) 


55 


IEEE 1394 bus #2 (2) are connected to each other by 
means of a sink 2 (bridge unit) (6) while source 3, sink 


7 


sink 3 




0 (4), and the like, are connected to IEEE 1394 bus #1 
(1). In addition, sink 5 (9), sink 6 (10), and the like, are 


8 


sink 4 




connected to IEEE 1394 bus #2 (2). 
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[0158] IEEE 1394 bus #1 (1) and IEEE 1394 bus #2 
(2) are, respectively, different IEEE 1394 buses. 
[0159] The source 3 is an apparatus for transmitting 
AVdata requiring copy right protection to IEEE 1304 bus 
#1 (1) and is, for example, an STB (set top box). 
[0160] The sink 0 (4), the sink 1 (5), the sink 3 (9) and 
the sink 4 (8) are connected to IEEE 1394 bus #1 (1) 
and are apparatuses receiving and utilizing AV data re- 
quiring copyright protection transmitted from the source 
3 and are, for example, TVs (televisions). 
[0161] The sink 5 (9), the sink 6 (10) and the sink 7 
(11) are connected to IEEE 1394 bus #2 (2) and are ap- 
paratuses receiving and utilizing AV data requiring cop- 
yright protection transmitted to IEEE 1394 bus #2 (2) 
and are, for example, TVs (televisions). 
[0162] The bridge unit 6 is a unit for receiving, for 
reencrypting and, then, for transmitting AV data requir- 
ing copyright protection transmitted from the source 3. 
Since the bridge unit 6 relays the transmission of AV da- 
ta, the AV data requiring copyright protection transmit- 
ted from the source 3 that is connected to IEEE 1394 
bus #1(1) can be received by the sink 5 (9), or the like, 
connected to IEEE 1394 bus #2 (2). 
[01 63] Fig 2 shows the configuration of the source 3. 
Fig 2 shows the source 3 as an STB 20. 
[0164] The STB 20 is formed of a D-l/F 21 on the 
transmission side, an encryption means 22, an authen- 
tication means 23 on the transmission side, an authen- 
tication number counting means 24, an upper limit au- 
thentication number storage means 25, a count adjust- 
ment and determination means 26 and a device infor- 
mation storage means 27. 

[0165] The D-l/F 21 on the transmission side is a dig- 
ital interface for transmitting the AV data requiring cop- 
yright protection to the IEEE 1394 bus #1 (1) as an iso- 
chronous packet and for transmitting and receiving a 
command, or the like, in an asynchronous packet to and 
from another apparatus connected to IEEE 1394 bus #1 
(1). 

[0166] The encryption means 22 is a means of en- 
crypting AV data received from a tuner (not shown). 
[01 67] The authentication means 23 on the transmis- 
sion side is a means of carrying out authentication for 
utilizing the apparatuses connected to IEEE 1394 bus 
#1 (1), such as sink 0 (4) , sink 1 (5) , and the like, as 
well as AV data and of carrying out a decrement authen- 
tication that is an authentication for stopping the utiliza- 
tion of AV data. The authentication for utilizing this AV 
data (hereinafter, references to authentication, alone, 
indicate authentication for utilizing the AV data) and the 
decrement authentication (hereinafter, the authentica- 
tion for stopping the utilization of AV data is referred to 
as decrement authentication) that is an authentication 
for stopping the utilization of the AV data are carried out 
according to different authentication rules. 
[01 68] The authentication number counting means 24 
is a means of counting the authentication number that 
is the number of authentications that have been suc- 



cessfully carried out by the authentication means 23 on 
the transmission side in accordance with the determina- 
tion result of the count adjustment and determination 
means 26. 

5 [01 69] The upper limit authentication number storage 
means 25 is a means of storing the upper limit of the 
number of apparatuses that can simultaneously receive 
and utilize AV data requiring copyright protection trans- 
mitted by the STB 20. 

10 [01 70] The device information storage means 27 is a 
means of storing device IDs of the apparatuses on which 
authentication has been successfully carried out by the 
authentication means 23 on the transmission side. 
Here, the device IDs are assigned in advance by a key 

*s management center and are information for specifying 
the apparatuses. 

[0171] The count adjustment and determination 
means 26 is a means of determining, in the case that 
the authentication means 23 on the transmission side 
20 has successfully carried out authentication by utilizing 
a device ID that is stored in the device information stor- 
age means 25, whether or not the authentication 
number counted by the authentication number counting 
means 24 is increased by checking if the authentication 
25 is the duplicated authentication for the same apparatus 
and for determining whether or not the authentication 
number counted by the authentication number counting 
means 24 is decreased in the case that the authentica- 
tion means 23 on the transmission side has successfully 
30 carried out the below described decrement authentica- 
tion. 

[0172] An authentication rule storage means 29 on 
the transmission side is a means of storing respective 
authentication rules of the authentication and the dec- 
35 rement authentication carried out by the authentication 
means 23 on the transmission side. 
[0173] An authentication selection means 28 on the 
transmission side is a means of selecting, at the time 
when the authentication means 23 on the transmission 
40 side carries out authentication, the authentication rule 
thereof and for selecting, at the time when decrement 
authentication is carried out, the authentication rule for 
the decrement authentication thereof. 
[0174] The sink 0(4), the sink 1 (5), the sink 3 (9) and 
45 sink 4 (8) respectively have a similar configuration. Fig 
3 shows the configuration of one sink, that is TV 30. 
[0175] The TV 30 is formed of a D-l/F 31 on the re- 
ception side, a decoding means 32, an authentication 
request means 33, an authentication means 34 on the 
so reception side, an authentication selection means 35 on 
the reception side and an authentication rule storage 
means 36 on the reception side. 
[01 76] The authentication selection means 35 on the 
reception side is a digital interface for receiving AV data 
55 requiring copyright protection that is transmitted to IEEE 
1 394 bus #2 (2) as an isochronous packet and for trans- 
mitting and receiving a command, or the like, to and from 
another apparatus connected to IEEE 1394 bus #1 (1) 
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in an a synchronous packet. 

[01 77] The decoding means 32 is a means of decod- 
ing the encryption of the received AV data requiring cop- 
yright protection. The AV data decoded by the decoding 
means 32 to plain text is decoded by a decoder (not 
shown) and is displayed on a monitor (see the figure). 
[0178] The authentication request means 33 is a 
means of transmitting, to the STB 20, an authentication 
command (hereinafter referred to as authentication 
command) for carrying out a request for authentication 
and an authentication command (hereinafter referred to 
as command for decrement authentication) for decre- 
ment authentication that requests the carrying out of 
decrement authentication. Different commands are 
used for the authentication command for carrying out 
authentication and the authentication command for car- 
rying out decrement authentication. 
[0179] The authentication means 34 on the reception 
side is a means of carrying out authentication and dec- 
rement authentication for the authentication means 23 
on the transmission side of the STB 20. 
[0180] The authentication selection means 35 on the 
reception side is a means of selecting an authentication 
rule for authentication at the time when the authentica- 
tion means 34 on the reception side carries out authen- 
tication and for selecting an authentication rule for dec- 
rement authentication at the time when authentication 
means 34 on the reception side carries out decrement 
authentication. 

[0181] The authentication rule storage means 36 on 
the reception side is a means of storing authentication 
rules for authentication and authentication rules for dec- 
rement authentication. 

[0182] Here, IEEE 1394 bus #1 (1) and IEEE 1394 
bus #2 (2) of the present embodiment are examples of 
a network in the present invention, the source 3, that is 
to say the STB 20, of the present embodiment is an ex- 
ample of a transmission unit of the present invention, 
the sink 1 (5), that is to say TV 30, of the present em- 
bodiment is an example of a reception unit of the present 
invention, the authentication rule storage means 29 on 
the transmission side, the authentication means 28 on 
the transmission side and the authentication means on 
the transmission side of the present embodiment are ex- 
amples of an authentication means on the transmission 
side of the present invention, the upper limit authentica- 
tion number storage means 25, the authentication 
number counting means 24 and the count adjustment 
and determination means 26 of the present embodiment 
are examples of an authentication number counting 
means of the present invention, the authentication rule* 
storage means 36 on the reception side, the authenti- 
cation selection means 35 on the reception side and the 
authentication means 35 on the reception side of the 
present embodiment are examples of an authentication 
means on the reception side of the present invention, 
the count adjustment and determination means 26 of the 
present embodiment is an example of a redundancy de- 
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termination means of the present invention, the device 
information storage means 27 of the present embodi- 
ment is an example of a registration means of the 
present invention and the decoding of the AV data that 

s has become plain text after being decoded by the de- 
coding means 32 of the present embodiment by the de- 
coder (not shown) and the display thereof on the monitor 
(see the figure) are examples of the utilization of data 
requiring copyright protection of the present invention. 

10 [01 83] Next, the operation of the present embodiment 
formed in the above manner is described. 
[0184] First, the operation wherein the sink 1 (5) re- 
ceives the AV data requiring copyright protection trans- 
mitted by the source 3 to IEEE 1394 bus #1 and displays 

*5 this image and sound on the monitor of sink 1 (5) is de- 
scribed. 

[0185] The AV data requiring copyright protection is 
an MPEG transport stream and is received by a tuner, 
not shown, of the STB 20 that is the source 3. Then, a 

20 limitation is assumed to be provided such that a maxi- 
mum of only three apparatus can simultaneously re- 
ceive and utilize the AV data requiring copyright protec- 
tion transmitted by the STB 20 that is the source 3. 
[0186] Information showing this limitation is contained 

25 within the MPEG transport stream at the time that the 
AV data is transmitted from a broadcasting station. The 
STB 20 extracts this information from inside of the 
MPEG transport stream received by a tuner and the up- 
per limit authentication number storage means 25 sets 

30 three as the upper limit authentication number by refer- 
ring to the extracted information. 
[01 87] In order for the STB 20 to transmit the AV data 
received by the tuner to IEEE 1394 bus#1 (1), first, the 
D-l/F 21 on the transmission side requests a channel 

35 utilization right by designating the transmission band to 
be utilized in the isochronous resource manager of I EEE 
1394 bus #1 (1). Then, the channel utilization right Is 
assumed to have been granted by the isochronous re- 
source manager. 

40 [0188] Thus, the encryption means 22 encrypts the 
AV data requiring copyright protection that is received 
by the tuner and outputs the result to the D-l/F 21 on the 
transmission side. 

[0189] The D-l/F 21 on the transmission side pre- 
45 pares, from the encrypted AV data, a number of iso- 
chronous channels in the header and an isochronous 
packet to which its own node ID is attached and trans- 
mits the prepared isochronous packet to IEEE 1394 bus 
#1 (1). 

so [0190] Thus, the STB 20 transmits the AV data requir- 
ing copyright protection to IEEE 1394 bus #1 (1). 
[0191] Fig 4 shows how the authentication number 
counted by the authentication number counting means 
24 and the device ID stored in the device information 

55 storage means 27 change whenever the apparatus car- 
ries out an authentication request. At the present point 
in time, the STB 20 has not received an authentication 
request and the authentication number counted by the 
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authentication number counting means 24 is 0 while the 
device information storage means 27 does not store de- 
vice JD of any apparatuses. 

[0192] On the other hand, in the case that the sink 1 
(5) receives and utilizes the AV data transmitted by the 
source 3, first, an authentication request is carried out 
on the STB 20, which is the source 3. 
[0193] That is to say, the D-l/F 31 on the reception 
side of the TV 30 that is the sink 1 (5) receives the trans- 
mitted isochronous packet and acquires the node ID of 
the transmission origin from the header information. 
Then, the authentication request means 30 outputs an 
authentication command for requesting authentication 
to the D-l/F 31 on the reception side. A device ID is al- 
located in advance to the TV 30 from the key manage- 
ment center so that this device ID can specify each ap- 
paratus, such as the TV 30, in an exclusive manner. 
Then, the device ID of the TV 30 is attached to the au- 
thentication command outputted by authentication re- 
quest means 30. 

[0194] When receiving an authentication command 
the D-l/F 30 on the reception side prepares an asyn- 
chronous packet wherein the node ID of the transmis- 
sion origin acquired in advance from the authentication 
command and the node ID of its own are added to the 
header and transmits the asynchronous packet to IEEE 
1394 bus#(1). 

[0195] Then, the authentication means 34 on the re- 
ception side indicates the authentication selection 
means 35 on the reception side to select an authentica- 
tion rule for authentication and this is received by the 
authentication selection means 35 on the reception 
side, which selects the authentication command for au- 
thentication from the authentication rule storage means 
36 on the reception side. 

[0196] The D-l/F 31 on the reception side transmits 
the authentication command to the STB 20 as an asyn- 
chronous packet. 

[0197] When receiving an authentication command 
sent as an asynchronous packet from the D-l/F 31 on 
the reception side of the TV 30, the D-l/F 21 on the trans- 
mission side of the STB 20 outputs the authentication 
command to the authentication means 23 on the trans- 
mission side. 

[0198] The authentication means 23 on the transmis- 
sion side makes a notification of the device ID of the TV 
30 to the count adjustment and determination means 26 
and makes a request for determination. 
[0199] The count adjustment and determination 
means 26 determines whether or not the device ID re- 
ceived in response to the request from the authentica- 
tion means 23 on the transmission side has already be 
stored in the device information storage means 27. 
Then, referring to the authentication number counted by 
the authentication number counting means 24 and the 
upper limit value of the authentication number stored in 
the upper limit authentication number storage means 
25, whether the authentication request from the TV 30 
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is accepted or rejected is determined in the following 
manner. 

[0200] That is to say, in the case that this authentica- 
tion number is smaller than the upper limit value of the 

5 authentication number the authentication command is 
determined as being acceptable. In addition, in the case 
that the received device ID has already been stored in 
the device information storage means 27 even when this 
authentication number is equal to the upper limit value, 

10 or is the value greaterthan that, the authentication com- 
mand is determined to be received. Then, in the case 
that the authentication number is equal to the upper limit 
value of the authentication number, oris the value great- 
er than that, and the received device ID is not stored in 

15 the device information storage means 27, the authenti- 
cation command from the TV 30 is determined to be re- 
jected. 

[0201 ] The authentication means 23 on the transmis- 
sion side determines whether or not authentication is 
20 carried out on the authentication means 34 on the re- 
ception side according to the above determination re- 
sult. 

[0202] At this point in time, for example, the upper limit 
number stored by the upper limit authentication number 

25 storage means 25 is three and the authentication 
number counted by the authentication number counting 
means 24 is zero so that the authentication number is 
smaller than the upper limit of the authentication number 
and, therefore, the count adjustment and determination 

30 means 26 determines the authentication request to be 
received and the authentication means 24 on the trans- 
mission side carries out authentication for the authenti- 
cation means 34 on the reception side according to this 
determination result. 

35 [0203] That is to say, the authentication means 23 on 
the transmission side directs the authentication selec- 
tion means 28 on the transmission side to select an au- 
thentication rule and, in response to this, the authenti- 
cation selection means 28 on the transmission side se- 

40 lects an authentication rule for authentication from the 
authentication rule storage means 29 on the transmis- 
sion side. 

[0204] The authentication means 23 on the transmis- 
sion side uses the authentication rule for authentication 

45 selected by the authentication selection means 28 on 
the transmission side while the authentication means 34 
on the reception side uses the authentication rule for 
authentication selected by the authentication selection 
means 34 on the reception side so that authentication 

so is mutually earned out. 

[0205] When the TV 30 is found to be an authorized 
apparatus as a result of the above and the authentica- 
tion is successful, the authentication means 23 on the 
transmission side and the authentication means 34 on 

55 the reception side exchange keys for encrypting and for 
decoding AV data. Accordingly, when the authentication 
is successful, the TV 30 decodes the encryption of the 
AV data transmitted from the STB 20 with the acquired 
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key so that the image and sound can be displayed on a 
monitor so as to be viewed and listened to. 
[0206] In addition , in the case that the TV 30 is an un- 
authorized apparatus and the authentication has failed 
the above described exchange of keys is not carried out. 
Accordingly, in this case, the TV 30 can not decode the 
encryption of th e AV data transmitted by the STB 20 and , 
therefore, the image and sound can not be displayed on 
a monitor so as to be viewed and listened to even in the 
case the AV data is decoded. 

[0207] In such a manner, the AV data requiring copy- 
right protection is encrypted and transmitted so that an 
unauthorized apparatus can be removed by carrying out 
authentication. 

[0208] In the case that the authentication is success- 
ful in such a manner, the authentication means 23 on 
the transmission side first makes a notification, to the 
count adjustment and determination means 26, of the 
successful authentication of the device ID of the TV 30 
that is added to the authentication command. 
[0209] The count adjustment and determination 
means 26 checks whether or not the notified device ID 
of the TV 30 has already been stored in the device in- 
formation stored by the device information storage 
means 27 when receiving the notification of the suc- 
cessful authentication. 

[0210] Then, in the case that the device ID of the TV 
30 has not yet been stored in the device information stor- 
age means 27, the device ID of the TV 30 is newly stored 
in the device information storage means 27. 
[0211] Furthermore, in the case that the device ID of 
the TV 30 is newly stored in the device information stor- 
age means 27, the count adjustment and determination 
means 26 indicates the authentication number counting 
means 24 to increase the counted authentication 
number by one. In the case that the device ID of the TV 
30 has already been stored in the device information 
storage means 27, the authentication number counting 
means 24 is not indicated so as to increase the counted 
authentication number. 

[021 2] The authentication number counting means 24 
increases the counted authentication number by one in 
accordance with the indication by the count adjustment 
and determination means 26. 
[0213] Accordingly, the authentication number count- 
ing means 24 does not count authentications carried out 
on the same apparatus repeatedly. 
[0214] Furthermore, the authentication means 23 on 
the transmission side passes the key exchanged at the 
time of authentication of the authentication means 34 
on the reception side to the encryption means 22. 
[0215] Afterwards, the encryption means 22 encrypts 
AV data using the key passed from the authentication 
means 23 on the transmission side and outputs the re- 
sult to the D-l/F 21 on the transmission side. 
[021 6] On the other hand, in the case that the authen- 
tication of the STB 20 is successful, the authentication 
means 34 on the reception side outputs the key ex- 
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changed at the time of this authentication to the decod- 
ing means 32. 

[0217] Afterwards, the decoding means 32 decodes 
the AV data transmitted from the STB 20 using the key 
s received from the authentication means 34 on the re- 
ception side and the decoded AV data that has become 
plain text is decoded by a decoder, not shown, and is 
converted into an analog signal so as to be displayed 
on a monitor. 

10 [0218] The TV 30 that is the sink 1 (5) receives AV 
data requiring copyright protection that is transmitted 
from the STB 20, which is the source 3, and displays the 
data on a monitor. 

[021 9] That is to say, as shown in Fig 4, the sink 1 (5) 

is requests authentication, and authentication is carried 
out on the STB 20, and when a successful result is 
gained the authentication number counted by the au- 
thentication number counting means 24 becomes one 
so that the device ID of the sink 1 (5) is stored in the 

20 device information storage means 27. 

[0220] The operation is described in the above where- 
in the sink 1 (5) receives the AV data requiring copyright 
protection transmitted to IEEE 1394 bus #1 by the 
source 3 and the image and sound are displayed on the 

25 monitor of sink 1 (5). 

[0221] In the same manner as the above described 
operation, it is assumed that the sink 0 (3) receives the 
AV data requiring copyright protection that is transmitted 
to IEEE 1 394 bus #1 (1 ) by the source 3 so that the im- 

30 age and sound can be displayed on the monitor. That is 
to say, the sink 0 (4) and the source 3 carry out authen- 
tication and, as a result, the authentication is successful. 
[0222] That is to say, when the authentication-means 
23 on the transmission side receives an authentication 

35 request from the sink 0 (4) at the time of authentication 
carried out by the sink 0 (4) and the source 3, a request 
is made to the count adjustment and determination 
means 26 for a determination of whether or not the au- 
thentication request is acceptable. 

40 [0223] The count adjustment and determination 
means 26 determines to receive the authentication 
since the authentication number counted by the authen- 
tication number counting means 24 is one and the upper 
limit number stored in the upper limit authentication 

45 number storage means 25 is three so that the authenti- 
cation number is still smaller than the upper limit 
number. 

[0224] Then, the authentication means 23 on the 
transmission side carries out authentication for the sink 

50 o (4) in accordance with this determination. 

[0225] When the authentication is successful, the 
count adjustment and determination means 26 checks 
whether or not the device I D of the sink 0 (4) has already 
been stored in the device information storage means 27. 

55 At this point in time, the device ID stored in the device 
information storage means 27 is the device ID of the sink 
1 (5) only and, therefore, the device ID of the sink 0 (4) 
has not yet been stored. Accordingly, the authentication 
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number counting means 24 indicates to increase the 
counted authentication number by one. 
[0226] The authentication number counting means 24 
increases the authentication number by one in accord- 
ance with the indication from the count adjustment and 
determination means 26. Accordingly, the authentica- 
tion number counted by the authentication number 
counting means 24 becomes two at this point in time. 
[0227] Afterwards the sink 0 (4) decodes the AV data 
transmitted from the source 3 in the same manner as 
described above so that the image can be displayed on 
a monitor. 

[0228] That is to say, as shown in Fig 4, the sink 0 (4) 
carries out an authentication request while the STB 20 
and the sink 0 (4) carries out authentication and when 
they are successful the authentication number counted 
by the authentication number counting means 24 is in- 
creased to two and a sink 1 (5) is added to the device 
information storage means 27 so that the device IDs of 
the sink 1 (5) and the sink 0 (4) are stored. 
[0229] Here, when the sink 3 (7) carries out an au- 
thentication request on the source 3 so that the authen- 
tication is successful, the authentication number count- 
ed by the authentication number counting means 24 be- 
comes 3 so that. the device information storage means 
27 stores the device IDs of the sink 0 (4), the sink 1 (5) 
and the sink 3 (7). 

[0230] That is to say, the number of apparatuses that 
display the AV data transmitted by the source 3 on a 
monitor is three at this point in time. 
[0231] That is to say, as shown in Fig 4, the sink 3 (7) 
carries out an authentication request while the STB 20 
and the sink3 (7) carry out authentication and when they 
are successful, the authentication number counted by 
the authentication number counting means 24 is in- 
creased to three and a sink 3 (7) is added to the device 
information storage means 27 so that the device IDs of 
the sink 1 (5), the sink 0 (4) and the sink 3 (7) are stored. 
[0232] Here, a sink 4 (8) is assumed to have carried 
out an authentication request on the source 3 as the 
fourth apparatus. When receiving an notification that the 
device ID and authentication of the sink 4 (8) are re- 
quested by the authentication means 23 on the trans- 
mission side, the count adjustment and determination 
means 26 determines whether or not the authentication 
command is accepted in the same manner as in the 
above. In this case, the device IDs of the sink 0 (4), the 
sink 1 (5) and the sin k 3 (7) are registered with the device 
information storage means 27 while the device ID of the 
sink 4 (8) is not registered. Then, the authentication 
number counted by the authentication number counting 
means 24 is three while the upper limit number stored 
by the upper limit authentication number storage means 
25 is three. 

[0233] Accordingly, the device ID of the sink 4 (8) is 
not registered with the device information storage 
means 27 and the authentication number and the upper 
limit number become equal so that the count adjustment 



and determination means 26 determines that the au- 
thentication command from the sink 4 (8) should be re- 
jected. The authentication means 23 on the transmis- 
sion side rejects the authentication requestfrom the sink 
s 4 (8) in accordance with this determination and, thereby, 
this authentication fails. 

[0234] Accordingly, the sink 4 (8) can not decode the 
encryption of the AV data transmitted from the source 3 
and can not display the image and sound on a monitor. 

w [0235] That is to say, as shown in Fig 4, when the sink 
4 (8) carries out an authentication request the STB 20 
rejects the authentication request so that the count 
number counted by the authentication number counting 
means 24 and the device ID stored by the device infor- 
ms mation storage means 27 do not change. 

[0236] In addition, in the case that an apparatus such 
as the sink 0 (4) that has already succeeded in authen- 
tication carries out an authentication request repeatedly, 
the device ID of the sink 0 (4) has already been stored 

20 in the device information storage means 27 so that the 
authentication means 24 on the transmission side car- 
ries out authentication even though the authentication 
number counted by the authentication number counting 
means 24 is not smaller than the upper limit number. 

25 Then, even when the authentication is successful the 
authentication number counting means 24 does not in- 
crease the counted authentication number. Here, in the 
case that a bridge unit such as the sink 2 (bridge unit) 
(6) carries out an authentication request again, the au- 

30 thentication number counting means 24 increases the 
counted authentication number as an exception. Then, 
an authentication request from a bridge unit has a dif- 
ferent format as that of an authentication request from 
an apparatus that is not abridge unit. A bridge unit, for 

35 example, is given a signature that is different from that 
of an apparatus that is not a bridge unit from the key 
management center. Accordingly, the source 3 can de- 
termine whether or not the apparatus that has carried 
out an authentication request is a bridge unit from the 

40 signature attached to the authentication command. 
[0237] That is to say, as shown in Fig 4, in the case 
that the sink 0 (4) carries out an authentication request 
again, the authentication is carried out and, as a result, 
when the authentication is successful the authentication 

^5 number 24 counted by the authentication number count- 
ing means 24 stays at three while the device IDs stored 
by the device information storage means 27 stay at 
those of the sink 1 (5), the sink 0 (4) and the sink 3 (7). 
[0238] Thus, the source 3 rejects the authentication 

50 request from the sink that has not yet carried out au- 
thentication in the case that the authentication number 
exceeds the upper limit number. Accordingly, the 
number of the sinks that can receive the AV data trans- 
mitted by the source 3 so that the image and sound are 

55 displayed on a monitor can be limited to three at a max- 
imum. 

[0239] Next, in the case that the sink 1 (5) stops dis- 
playing the AV data transmitted from the source 3 on a 
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monitor, the sink 1 (5) makes a notification to the source 
3 by carrying out decrement authentication. The opera- 
tion of this case is described in the following. 
[0240] The authentication request means 33 of the TV 
30 that is the sink 1 (5) outputs a command for decre- 
ment authentication to the D-l/F 31 on the reception side 
In order to make a notification that it stops displaying the 
AV data on a monitor. 

[0241 ] This authentication command for decrement is 
provided separately from the authentication command 
for authentication that is carried out in advance at the 
time when AV data is displayed on a monitor. That is to 
say, an authentication command and an authentication 
command for decrement differ in the signature, the op- 
erational equation and the authentication method. 
[0242] The D-l/F 31 on the reception side transmits 
the authentication command for decrement to the STB 
20 that is the source 3 in the same manner as described 
above. 

[0243] The D-l/F 21 on the transmission side outputs 
an authentication command for decrement to the au- 
thentication means 23 on the transmission side when 
receiving the command. 

[0244] Then, the authentication means 23 on the 
transmission side utilizes an authentication rule for dec- 
rement on the transmission side selected by the authen- 
tication selection means 28 on the transmission side 
while the authentication means 34 on the reception side 
utilizes an authentication rule for decrement on the re- 
ception side selected by the authentication selection 
means 35 on the reception side so as to carry out dec- 
rement authentication. 

[0245] Then, when the decrement authentication is 
successful, the authentication means 23 on the trans- 
mission side makes a notification that the decrement au- 
thentication is successful to the count adjustment and 
determination means 26. 

[0246] The count adjustment and determination 
means 26 deletes the device ID of the sink 1 (5) stored 
in the device information storage means 27. Then, it in- 
dicates that the authentication number counted by the 
authentication number counting means 23 is decreased 
by one. Responding to this, the authentication number 
counting means 24 decreases the counted authentica- 
tion number by one. 

[0247] On the other hand, when the decrement au- 
thentication is successful in the TV 30, the authentica- 
tion means 34 on the reception side makes a notification 
that the decrement authentication is successful to the 
decoding means 32. 

[0248] The decoding means 32 deletes the key that 
decodes the AV data transmitted from the STB 20 in ac- 
cordance with the notification from the authentication 
means 34 on the reception side. 
[0249] As a result of the decrement authentication, 
the count number counted by the authentication number 
counting means 24 becomes two, which is smaller than 
three that is the upper limit number. In addition, the de- 



389 A1 




vice ID of the sink 1 (5) is deleted and the two device 
IDs of the sink 0 (4) and the sink (3) are stored in the 
device information storage means 27. 
[0250] That is to say, as shown in Fig 4, in the case 

5 that the sink 1 (5) requests decrement authentication 
and the decrement authentication is successful, the au- 
thentication number counted by the authentication 
number counting means 24 is decreased by one so as 
to become two so that the device ID of the sink 1 (5) is 

10 deleted from the device IDs stored in the device infor- 
mation storage means 27 and only the device IDs of the 
sink 0 (4) and the sink 3 (7) are stored. 
[0251] Here, decrement authentication is carried out 
at the time when the sink 2 (bridge unit) (6) stops the 

15 utilization of data requiring copyright protection and, in 
this case, as described in the fifth embodiment, the sink 
2 (bridge unit) (6) carries out decrement authentication 
for the source 3 according to a plurality of number and 
in the case that all the apparatuses such as the sink 5 

20 (9) connected to IEEE 1394 bus #2 (2) stop decoding 
and displaying data requiring copyright protection, the 
registration of the device ID of the sink 2 (bridge unit) 
(6) stored in the device information storage means 27 
is deleted. That is to say, stoppage of the utilization of 

25 data requiring copyright protection from the source 3 by 
the sink 2 (bridge unit) (6) indicates that all the appara- 
tuses, such as the sink 5 (9) connected to the IEEE 1394 
bus #2 (2), have stopped the utilization of the data. 
[0252] In the case that the sink 4 (8), or the like, car- 

30 ries out an authentication request at this point in time, 
the authentication is successful in the case of an author- 
ized apparatus since the authentication number count- 
ed by the authentication number counting means 24 is 
smaller than the upper limit number. 

35 [0253] That is to say, as shown in Fig 4, when the sink 
4 (8) carries out an authentication request, authentica- 
tion is successfully carried out. Then, as a result, the 
authentication number counted by the authentication 
number counting means 24 becomes three and the de- 

40 vice IDs of the sink 0 (4), the sink 3 (7) and the sink 4 
(8) are stored in the device information storage means 
27. 

[0254] Thus, the apparatus that has already success- 
fully carried out authentication requests decrement au- 

45 thentication at the time when stopping the utilization of 
AV data and the STB 20 carries out decrement authen- 
tication when receiving a command for decrement au- 
thentication so that when this is successful, the device 
information storage means 27 deletes the device ID of 

50 the apparatus that has requested decrement authenti- 
cation and the authentication number counting means 
24 decreases the counted authentication number by 
one and, therefore, another apparatus can be allowed 
to newly utilize AV data while maintaining the limitation 

55 on the number of apparatuses that can simultaneously 
utilize AV data. In addition, since an authentication com- 
mand for decrement is separately provided from an au- 
thentication command, an unauthorized apparatus can 
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be prevented from misusing the decrement authentica- 
tion. 

[0255] In addition, in the case wherein any of the ap- 
paratuses are removed from IEEE 1394bus#1 (1)orin 
the case that an apparatus is newly connected to IEEE 
1394 bus #1 , a bus reset is carried out. Thus, when a 
bus reset occurs, a authentication number counted by 
the authentication number counting means 24 is initial- 
ized to zero and, in addition, the device IDs stored by 
the device information storage means 27 are all deleted. 
Then , the decoding means 32 of the TV 30 discards the 
key for decoding the utilized AV data. In the case that a 
bus reset has occurred in such a manner, the operation 
is repeated from the initial condition. 
[0256] Here, though in the present embodiment, an 
authentication command and an authentication com- 
mand for decrement are described as being different in 
the signature, the optimal equation and the authentica- 
tion method, the invention is not limited to this. The au- 
thentication command and the authentication command 
for decrement may differ at least any one, or more, of 
the signature, the optimal equation and the authentica- 
tion method. 

[0257] Furthermore, though in the present embodi- 
ment a case is described wherein the number of appa- 
ratuses connected to IEEE 1394 bus # (1) is six, the in- 
vention is not limited to this but, rather, an arbitrary 
number, of 63 or less, such as three, 10 or 63, of appa- 
ratuses may be connected. 

[0258] Furthermore, though in the present embodi- 
ment after a successful authentication is carried out on 
an apparatus such as the sink 1 (5), other than the 
bridge unit, the source 3 carries out authentication again 
on an apparatus such as the sink 1 (5) that has under- 
gone a successful authentication before the authentica- 
tion is reset due to a predetermined cause and even if 
the authentication is successful, the authentication 
number counting means 24 does not increase the count- 
ed authentication number and the source 3 carries out 
authentication again on the sink 2 (bridge unit) (6) that 
has undergone a successful authentication after suc- 
cessfully carrying out authentication for the sink 2 
(bridge unit) (6) , etc. before the authentication is reset 
due to a predetermined cause and in the case that the 
authentication is successful, the authentication number 
counting means 24 is described as increasing the count- 
ed authentication number, the invention is not limited to 
this. After authentication is successfully carried out on 
an apparatus such as the sink 1 (5), other than the 
bridge unit, the source rejects the authentication request 
when the source 3 again receives an authentication re- 
quest from the apparatus, such as the sink 1 (5), that 
has successfully carried out authentication before the 
authentication is reset due to a predetermined cause. 
Here, in the case that the source 3 again receives an 
authentication request from the sink 2 (bridge unit) (6) 
after authentication is successfully carried out on the 
sink 2 (bridge unit) (6) and before the authentication is 



reset due to a predetermined cause, the source 3 re- 
ceives this authentication request. Then, in the case that 
the source 3 successfully carries out authentication 
again on the sink 2 (bridge unit) (6), the authentication 
5 number counting means 24 may increase the counted 
authentication number. 

(Second Embodiment) 

[0259] Next, the second embodiment is described. 
[0260] A copyright protection system of the present 
embodiment is shown in Fig 1 in the same manner as 
of the first embodiment. 

[0261 ] Fig 5 shows a source 3 of the present embod- 
iment as an STB 40. The difference from the STB 20 of 
the first embodiment is the point that the STB 40 is pro- 
vided with a determination means 41 instead of the 
count adjustment and determination means 26. 
[0262] The determination means 41 differs from the 
count adjustment and determination means 26 de- 
scribed in the first embodiment and does not carry out 
a determination of whether or not an authentication re- 
quest is a repeated authentication. 
[0263] In addition, a sink 0 (4) , a sink 1 (5) , and the 
like, do not arbitrarily carry out an authentication request 
again, unlike in the first embodiment. That is to say, the 
apparatuses, such as the sink 0 (4) and the sink 1 (5), 
connected to IEEE 1394 bus #1 (1) do not carry out a 
repeated authentication request until the source 3 up- 
dates the key or a bus reset occurs at IEEE 1394 bus 
#1 (1). The parts other than the above are the same as 
of the first embodiment. 

[0264] Here, the source 3 of the present embodiment, 
that is to say, the STB 40, is an example of a transmis- 
sion unit of the present invention and the upper limit au- 
thentication number storage means 25, the authentica- 
tion number counting means 24 and the determination 
means 41 of the present embodiment are examples of 
authentication number counting means of the present 
invention. 

[0265] Next, the operation of the present embodiment 
having such a configuration is described focusing on the 
difference from the first embodiment. 
[0266] The upper limit authentication number storage 
means 25 of the STB 40 as the source 3 is assumed to 
store 3 in the same manner as in the first embodiment. 
That is to say, the AV data requiring copyright protection 
transmitted by the STB 40 can be displayed on a monitor 
so as to be viewed and listened to by means of a max- 
imum of three apparatuses at the same time. 
[0267] In the case that an authentication request from 
any apparatus, such as the sink 1 (5) , has not yet been 
received, the authentication number counted by the au- 
thentication number counting means 24 of the STB 40 
as the source 3 is zero and the device information stor- 
age means 27 does not store the device ID of any ap- 
paratus as shown in Fig 6. 

[0268] Here, when the sink 1 (5) carries out an au- 
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thentication request, authentication is successfully car- 
ried out in the same manner as In the first embodiment. 
As a result, as shown in Fig 6, the authentication number 
counted by the authentication number counting means 

24 becomes one and the device information storage 
means 27 stores the device ID of the sink 1 (5). 
[0269] Furthermore, when the sink 0 (4) carries out 
an authentication request, authentication is successfully 
carried out in the same manner as in the first embodi- 
ment. As a result, as shown in Fig 6, the authentication 
number counted by the authentication number counting 
means 24 becomes two and the device information stor- 
age means 27 stores the device IDs of the sink 1 (5) and 
of the sink 0 (4). 

[0270] Furthermore, when the sink 3 (7) carries out 
an authentication request, authentication is successfully 
carried out in the same manner as in the first embodi- 
ment. As a result, as shown in Fig 6, the authentication 
number becomes three and the stored device IDs be- 
come of the sink 1 (5), of the sink 0 (4) and of the sink 
3(7). 

[0271] Furthermore, when the sink 4 (8) carries out 
an authentication request, the upper limit number stored 
by the upper limit authentication number storage means 

25 and the authentication number counted by the au- 
thentication number counting means 24 are equal, so 
that the authentication request is rejected in the same 
manner as in the first embodiment. As a result, the au- 
thentication number stays at three as shown in Fig 6 and 
the stored device IDs, of the sink 1 (5) , the sink 0 (4) 
and the sink 3 (7), do not change. 

[0272] Next, though in the first embodiment the sink 
0 (4) carried out an authentication request again, the 
authentication request means 33 of the TV 30 as the 
sink 1 (5) of the present embodiment does not arbitrarily 
carry out an authentication request again. That is to say, 
a repeated authentication request is not carried out until 
the STB 40 updates the key or a bus reset occurs in 
IEEE 1394 bus #1 (1) and, thereby, the authentication 
is reset. 

[0273] Accordingly, in the case that an authentication 
request is carried out, the determination means 41 does 
not carry out a determination of whether or not the au- 
thentication request is carried out by the same appara- 
tus. 

[0274] Afterwards, the sink 1 (5) requests decrement 
authentication and, after that, the sink 4 (8) carries out 
an authentication request, wherein the operation thereof 
is the same as in the first embodiment, as shown in Fig 
16, of which the descriptions are omitted. 
[0275] Here, a bridge unit such as the sink 2 (bridge 
unit) (6) can carries out an authentication request again 
on the source 3 by the time when the STB 40 updates 
the key or a bus reset is carried out in IEEE 1394 bus 
#1 (1) and, thereby, authentication is reset. Then, in the 
case that an authentication request is again carried out 
by the sink 2 (bridge unit) (6) and the authentication is 
successfully carried out, the authentication number 
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counting means 24 increases the counted authentica- 
tion number. 

[0276] Moreover, the STB 40 updates the key for en- 
crypting the AV data to another key whenever a prede- 
5 termined time elapses. At this time, authentication is re- 
set. That is to say, AV data is encrypted using another 
key instead of the key that has encrypted the AV data 
until now. 

[0277] In addition, the STB 40 initializes the authenti- 
10 cation number counted by the authentication number 
counting means 24 to zero and deletes the device ID 
stored in the device information storage means 27 in the 
case that the update to another key is carried out as de- 
scribed above. 

is [0278] That is to say, the STB 40 returns to the same 
condition as the initial condition wherein authentication 
is not carried out on any apparatus. 
[0279] Then, when the STB 40 updates the key, the 
decoding means 32 of the TV 30 can not decode AV 

20 data using the key that has been used until now. 

[0280] Therefore, the authentication request means 
33 of the TV 30 carries out an authentication request 
again after confirming that the STB 40 has updated the 
key. 

25 [0281] Furthermore, in the case that the STB 40 and 
the TV 30 have successfully carried out authentication, 
the authentication means 23 on the transmission side 
passes, to the authentication means 34 on the reception 
side, the key that becomes effective after the update of 

30 the key carried out following this update of the key, too. 
[0282] Accordingly, even when an authentication re- 
quest is carried out after the STB 40 updates the key, 
the decoding means 32 has already gained the key that 
becomes effective at the time when the STB 40 ex- 

35 changes the keys and, therefore, decoding of the AV da- 
ta can be sequentially carried out. 
[0283] In addition, in the case that a bus reset occurs 
in IEEE 1394 bus #1 (1) authentication is reset. That is 
to say, the authentication number counted by the au- 

40 thentication number counting means 24 is initialized to 
zero and the device ID stored in the device information 
storage means 27 is deleted. 

[0284] That is to say, the STB 40 returns to the same 
condition as the initial condition wherein authentication 

45 js not carried out on any apparatus. In this case also, 
the authentication request means 33 of the TV 30 car- 
ries out an authentication request again after confirming 
that the STB 40 has updated the key in the same manner 
as in the above. 

so [0285] Thus, an apparatus, such as the sink 1 (5), is 
made not to arbitrarily carry out an authentication re- 
quest again and, thereby, the number of apparatuses 
that can display AV data requiring copyright protection 
on a monitor can be limited in the same manner as in 

55 the first embodiment. 
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(Third Embodiment) 



[0286] Next, the third embodiment is described. 
[0287] A copyright protection system of the present 
embodiment is shown in Fig 1 in the same manner as s 
in the first embodiment. 

[0288] Fig 7 shows a source 3 of the present embod- 
iment as an STB 42. The STB 42 of the present embod- 
iment does not, unlike the STB 20 of the first embodi- 
ment, carry out decrement authentication but, instead, 10 
the STB 42 periodically examines whether or not the 
sink 1 (5), or the like, has stopped decoding AV data or 
displaying the AV data on a monitor. That is to say, the 
STB 42 of the present embodiment is provided with an 
examination means 43 and a correspondence table 15 
storage means 50 unlike the STB 20 of the first embod- 
iment and, in addition, is not provided with an authenti- 
cation rule storage means 29 nor an authentication se- 
lection means 28 on the transmission side. 
[0289] The examination means 43 is a means of pe- 20 
riodically examining whether or not the sink 1 (5), or the 
like, has stopped decoding AV data or displaying AV da- 
ta on a monitor. 

[0290] The correspondence table storage means 50 
is a means of storing a correspondence table wherein 25 
the node unique ID that is information for exclusively 
specifying an apparatus in the IEEE 1394 standard and 
the device ID that is information exclusively specifying 
an apparatus, which is allocated as a portion of the sig- 
nature from the key management center, are made to 30 
correspond to each other. 

[0291] In addition, Fig 8 shows the sink 1 (5) , or the 
like, of the present embodiment as TV 44. 
[0292] The TV 44 of the present embodiment does not 
request decrement authentication, unlike the TV 30 of 35 
the first embodiment, in the case that decoding and dis- 
play on a monitor of AV data are stopped. That is to say, 
the TV 44 is not provided with the authentication rule 
storage means 36 on the reception side nor the authen- 
tication selection means 35 on the reception side. 40 
[0293] The parts other than the above are the same 
as in the first embodiment. 

[0294] Here, the source 3 of the present embodiment, 
that is to say, the STB 42, is an example of a transmis- 
sion unit of the present invention, the sink 1 (5) of the 45 
present embodiment, that is to say, the TV 44, is an ex- 
ample of a reception unit of the present invention and 
the examination means 43, the count adjustment and 
determination means 26 of the present embodiment, the 
correspondence table storage means 50 and the device 50 
information storage means 27 are examples of exami- 
nation means of the present invention. 
[0295] Next, the operation of the present embodiment 
having such a configuration is described focusing on the 
difference from the first embodiment. 55 
[0296] As shown in Fig 4, a sink 1 (5), a sink 0 (4), a 
sink 3 (7) and sink 0 (4) carry out an authentication re- 
quest in the order of this in the same manner as in the 



first embodiment and, as a result, the authentication 
number counted by the authentication number counting 
means 24 as the source 3 is assumed to be three while 
the device information storage means 27 is assumed to 
store the device IDs of the sink 1 (5), the sink 0 (4) and 
the sink 3 (7). Here, the STB 42 is not provided with the 
authentication selection means 29 on the transmission 
side nor the authentication rule storage means 28 on 
the transmission side and, therefore, the STB 42 does 
not select an authentication rule at the time when au- 
thentication is carried out on the TV 44. The TV 44 does 
not select an authentication rule in the same manner. 
[0297] The TV 44 as the sink 1 (5) displays the image 
and sound of the AV data transmitted from the STB 42 
as the source 3 on a monitor. 

[0298] The examination means 43 periodically exam- 
ines the conditions of plugs of every apparatus, such as 
the sink 0 (4) or the sink 1 (5), connected to IEEE 1394 
bus#1 (1). 

[0299] Here, the plugs are standardized according to 
IEC 61883, which is the standard for transmitting data 
of AV apparatuses using the IEEE 1394 bus and for car- 
rying out apparatus control, and are used conceptually 
for managing logical connections among apparatuses 
connected to IEEE 1394 buses. In the following, the 
plugs are briefly described. 

[0300] There are two types of plugs, input plugs and 
output piugs. That is to say, in the case that an apparatus 
has a function of inputting AV data from IEEE 1394 bus, 
the apparatus has input plugs according to the same 
number as the number of pieces of AV data that can be 
imputed at the same time, that is to say, the same 
number of isochronous channels that can be inputted at 
the same time while in the case that an apparatus has 
a function of outputting AV data to IEEE 1394 bus, the 
apparatus has output plugs according to the same 
number as the pieces of AV data that can be outputted 
at the same time, that is to say, the same number of 
isochronous channels that can be outputted at the same 
time. 

[0301] Then, each apparatus has one iPCR (input 
plug control register) for maintaining the condition of an 
input plug corresponding to one input plug. In addition, 
each apparatus has one oPCR (output plug control reg- 
ister) for maintaining the condition of an output plug cor- 
responding to one output plug. 
[0302] In the case that apparatuses connected to 
IEEE 1394 bus carry out transmission and reception of 
AV data to and from each other, it is necessary for these 
apparatuses to establish a connection between them. 
That is to say, a connection is established by setting in- 
formation necessary for iPCR and oPCR, such as a type 
of connection (broadcast connection or point to point 
connection), the number of connections and a utilized 
channel number, in the oPCR of the apparatus on the 
transmission side and in the iPCR of the apparatus on 
the output side. In addition, at the time when an appa- 
ratus connected to IEEE 1394 bus stops receiving AV 
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data and decoding for display, It Is necessary to cut off 
the above described connection. At this time, by sub- 
tracting the number of connections set in iPCR or in 
oPCR, or by canceling the types of registered connec- 
tions, the connection is cut off. Accordingly, by examin- 
ing the conditions that are set in the iPCR, it can be 
known whether the apparatus receives AV data to be 
decoded and displayed or whether decoding and dis- 
play of AV data are stopped. The plugs are described in 
the above. 

[0303] Here, the sink 1 (5) is assumed to stop receiv- 
ing the AV data transmitted from the source 3 and de- 
coding for the display. Then, the setting of the connec- 
tion of the iPCR that corresponds to the AV data is re- 
leased. 

[0304] The examination means 43 found that the sink 
1 (5) has cut off the connection with the source 3 as a 
result of examining the condition of the iPCR of the sink 
1 (5). 

[0305] Then , the examination means 43 acquires the 
node unique ID of the sink 1 (5) and makes a notification 
that the node unique ID of the sink 1 (5) and the sink 1 
(5) have cut off the connection with the STB 42, as the 
source 3, to the count adjustment and determination 
means 26. 

[0306] The count adjustment and determination 
means 26 examines the device ID of the sink 1 (5) that 
corresponds to the node unique ID from the received 
node unique ID by utilizing the correspondence table 
stored in the correspondence table storage means 50 
when receiving a notification from the examination 
means 43. 

[0307] As described above, the authentication 
number counted by the authentication number counting 
means 24, as the source 3, is three as shown in Fig 4 
and the device information storage means 27 stores the 
device IDs of the sink 1 (5), the sink 0 (4) and the sink 
3(7). 

[0308] Accordingly, the count adjustment and deter- 
mination means 26 directs that, since the device ID of 
the sink 1 (5) has already been stored in the device in- 
formation storage means 27, the device ID of the sink 1 
(5) is deleted from the device information storage means 
27 and the authentication number counted by the au- 
thentication number counting means 24 is decreased by 
one. In response to this, the authentication number 
counting means 24 decreases the counted authentica- 
tion number by one. 

[0309] Thus, unlike the first embodiment, the exami- 
nation means 43 of the STB 42 that is the source. 3 ex- 
amines the apparatus that has stopped receiving the AV 
data transmitted from the source 3 and decoding for the 
display and, thereby, the same effects as of the first em- 
bodiment can be gained without carrying out decrement 
authentication. 

[0310] Here, though in the present embodiment the 
examination means 43 is described as examining 
whether or not the sink 1 (5), or the like, has stopped 



receiving AV data and decoding for the display by ex- 
amining the condition of the plug of the sink 1 (5), or the 
like, the invention is limited to this. The invention may 
have the structure as described below. 

s [0311] That is to say, the examination means 43 
checks the number of apparatuses connected to IEEE 
1 394 bus #1 ( 1 ) before checking the condition of the plug 
of each apparatus, and only when the number of these 
apparatuses has decreased, the examination means 43 

10 checks which apparatus is removed from the IEEE 1 394 
bus #1 so as to acquire the node unique ID of the appa- 
ratus removed from IEEE 1394 bus#1 and, then, makes 
a notification to the count adjustment and determination 
means 26 of the node unique ID of the apparatus and 

15 that the apparatus is removed. Then, the count adjust- 
ment and determination means 26 finds the device ID 
that corresponds to the notified node unique ID from the 
correspondence table. Then, the count adjustment and 
determination means 36 checks whether or not the 

20 found device ID has already been registered with the 
device information storage means 27. In the case that 
it is registered, the STB 42 and the apparatus on which 
authentication has been carried out are removed and, 
therefore, the count adjustment and determination 

25 means 26 directs the authentication number counting 
means 24 to decrease the counted authentication 
number. In response to this direction, the authentication 
number counting means 24 decreases the counted au- 
thentication number. Furthermore, the count adjustment 

30 and determination means 26 deletes the device ID of 
the removed apparatus that Is stored in the device in- 
formation storage means 27. 

[0312] Note that the removal from IEEE 1394 bus #1 
as described hereinbefore does not indicate that the 
35 connector connected to IEEE 1394 bus #1 (1) is re- 
moved from IEEE 13.94 bus #1 (1) but, rather, it indi- 
cates that the TV 44 receives data sent from a system 
different from the D-l/F 31 on the reception side so as 
to allow display on a monitor. 

40 

(Fourth Embodiment) 

[0313] Next, the fourth embodiment is described. 
[0314] A copyright protection system of the present 
45 embodiment is shown in Fig 1 in the same manner as 
in the first embodiment. 

[031 5] Fig 9 shows a source 3 of the present embod- 
iment as an STB 45. The STB 45 of the present embod- 
iment does not carry out decrement authentication, un- 

50 like the STB 40 of the second embodiment but, instead, 
periodically examines whether or not the sink 1 (5), or 
the like, has stopped the decoding and the displaying 
on a monitor of AV data. That is to say, the STB 42 of 
the present embodiment is, unlike the STB 40 of the sec- 

55 ond embodiment, provided with an examination means 
43 and a correspondence table storage means 50 and, 
in addition, is not provided with an authentication rule 
storage means 29 nor with an authentication selection 
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means 28 on the transmission side. 
[0316] The examination means 43 is a means of pe- 
riodically examining whether or not the sink 1 (5), or the 
like, has stopped the decoding and the displaying on a 
monitor of AV data. 

[0317] The correspondence table storage means 50 
is a means of storing a correspondence table that makes 
the node unique ID, which is information for exclusively 
specifying an apparatus in the IEEE 1394 standard, and 
the device ID, which is information for exclusively spec* 
ifying a device allocated from the key management cent- 
er, correspond to each other. 

[0318] In addition, Fig 8 shows the sink 1 (5), and the 
like, of the present embodiment as the TV 44. The TV 
44 is the same as in the third embodiment. 
[0319] That is to say, the TV 44 of the present embod- 
iment does not, u nlike the TV 30 of the first embodiment, 
request decrement authentication in the case that the 
decoding and the displaying on a monitor of AV data are 
stopped. 

[0320] The parts, other than the above, are the same 
as in the second embodiment. 
[0321] Here, the source 3 of the present embodiment, 
that is to say the STB 45, is an example of a transmission 
unit of the present invention and the correspondence ta- 
ble storage means 50, the determination means 41 , the 
examination means 43 and the device information stor- 
age means 27 are examples of the examination means 
of the present invention. 

[0322] Next, the operation of the present embodiment 
having such a configuration is described focusing on the 
differences from the second embodiment. 
[0323] As shown in Fig 6, authentication requests are 
carried out on the sink 1 (5), the sink 0 (4), the sink 3 (7) 
and the sink 4 (8), in this order, in the same manner as 
in the second embodiment and, as a result, the authen- 
tication number counted by the authentication number 
counting means 24 as the source 3 is three and the de- 
vice information storage means 27 is assumed to store 
the device IDs of the sink 1 (5), the sink 0 (4) and the 
sink 3 (7). Here, the STB 45 is not provided with the au- 
thentication selection means 29 on the transmission 
side nor the authentication rule storage means 28 on 
the transmission side and, therefore, the selection of an 
authentication rule is not carried out at the time when 
authentication is carried out on the TV 44. 
[0324] The TV 44, as the sink 1 (5), displays the image 
and sound of the AV data transmitted from the STB 42, 
as the source 3, on a monitor. 
[0325] The examination means 43 periodically exam- 
ines the conditions of a plug of every apparatus, such 
as the sink 0 (4) or the sink 1 (5), connected to IEEE 
1394 bus #1 (1). 

[0326] Here, the sink 1 (5) is assumed to stop the re- 
ception and decoding for display of AV data transmitted 
from the source 3. Then, the setting of the connection 
of the iPCR, which corresponds to the above AV data, 
is released. 



[0327] It is assumed that the examination means 43 
finds that the sink 1 (5) has cut off the connection with 
the source 3 as a result of examining the condition of 
theiPCRofthesinkl (5). 

5 [0328] Then, the examination means 43 acquires the 
node unique ID of the sink 1 (5) and makes a notification 
to the count adjustment and determination means 26 of 
the node unique ID of the sink 1 (5) and that the sink 1 
(5) has cut off the connection with the STB 42, as the 

10 source 3. 

[0329] The operation hereinafter is the same as in the 
third embodiment and, accordingly, the count adjust- 
ment and determination means 26 deletes the device ID 
of the sink 1 (5) from the device information storage 

15 means 27 and directs the authentication number count- 
ing means 24 to decrease the authentication number 
counted by the authentication number counting means 
24 by one since the device ID of the sink 1 (5) has al- 
ready been stored in the device information storage 

20 means 27. In response to this, the authentication 
number counting means 24 decreases the counted au- 
thentication number by one. 

[0330] Thus, unlike in the second embodiment, the 
examination means 43 of the STB 42, which is the 
25 source 3, examines the apparatus that has stopped the 
reception and decoding for display of the AV data trans- 
mitted from the source 3 and, thereby, the same effects 
as of the second embodiment can be gained without car- 
rying out decrement authentication. 

30 

(Fifth Embodiment) 

[0331] Next, the fifth embodiment is described. 
[0332] Fig 1 shows a copyright protection system of 

35 the present embodiment. 

[0333] Fig 5 shows a source 3 of the present embod- 
iment as an STB 40. The STB 40 of the present embod- 
iment is the same as is described in Embodiment 2. 
[0334] Fig 3 shows a sink 1 (5) connected to IEEE 

40 1 394 bus #1 (1), a sink 5 (9) connected to IEEE 1394 
bus #2 (2), and the like, as a TV 30. The TV 30 of the 
present embodiment is the same as is described in the 
second embodiment. 

[0335] Fig 10 shows a sink 2 (bridge unit) (4) as a 

45 bridge unit 46. 

[0336] The bridge unit 46 is a unit that once decodes 
AV data sent from IEEE 1394 bus #1 (1) as the received 
isochronous packet, that encrypts the AV data using a 
key the bridge unit 46 has, that transmits the AV data to 

so IEEE 1 394 bus #2 (2) as an isochronous packet and that 
rewrites the node ID of the transmission origin attached 
to the header of the isochronous packet received from 
IEEE 1394 bus #1 (1) at this time into the node ID of its 
own, which is then transmitted. 

55 [0337] The bridge unit 46 is formed of a D-l/F 31 on 
the reception side, a decoding means 32, an authenti- 
cation means 34 on the reception side, a key counting 
means 47, an authentication request means 47, an au- 
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thentication rule storage means 36 on the reception 
side, an authentication selection means 35 on the re- 
ception side, a D-l/F 21 on the transmission side, an en- 
cryption means 22, an authentication means 23 on the 
transmission side, an authentication number counting 
means 48, a determination means 41 , a device informa- 
tion storage means 27, an authentication rule storage 
means 29 on the transmission side and an authentica- 
tion selection means 28 on the transmission side. 
[0338] The key counting means 47 is a means of 
counting the key count number that is the number of suc- 
cessful authentications carried out on apparatuses such 
as the source 3 that transmits AV data to IEEE 1 394 bus 
#1 (1). 

[0339] The authentication number counting means 48 
is a means of counting the authentication number that 
is the number of the successful authentications carried 
out on the apparatuses such as the sink 5 (9) connected 
to IEEE 1394 bus #2 (2) such as the sink 5 (9). 
[0340] The other parts of the configuration are the 
same as of the second embodiment, of which the de- 
scriptions are omitted. 

[0341 ] Here, the bridge unit 46 of the present embod- 
iment is an example of a bridge unit of the present in- 
vention, the authentication rule storage means 36 on the 
reception side, the authentication selection means 35 
on the reception side and the authentication means 34 
on the reception side are examples of authentication 
means on the reception side of abridge unit of the 
present invention, the authentication rule storage 
means 29 on the transmission side, the authentication 
selection means 28 on the transmission side and the 
authentication means 23 on the transmission side are 
examples of authentication means on the transmission 
side of a bridge unit of the present invention, the authen- 
tication number counting means 48 of the present em- 
bodiment is an example of an authentication number 
counting means of a bridge unit of the present invention, 
the authentication number counted by the authentica- 
tion number counting means 48 of the present embod- 
iment is an example of the authentication numbercount- 
ed by an authentication number counting means of a 
bridge unit of the present invention and the key count 
number of the present embodiment is an example of the 
upper limit number of permissions of the present inven- 
tion. 

[0342] Next, the operation of the present embodiment 
having such a configuration is described. 
[0343] Fig 1 1 shows a state machine diagram show- 
ing the operation of the bridge unit 46. In the following, 
the description is given in reference to this state ma- 
chine diagram. 

[0344] The bridge unit 46 functions as a sink that re- 
ceives the AV data transmitted by the source 3 in IEEE 
1 394 bus #1 (1 ) and functions as a source that transmits 
AV datato the sink 5, or the like, in IEEE 1 394 bus #2 (2). 
[0345] In the case that the power supply of the bridge 
unit 46 is turned on or the bridge unit 46 is connected to 
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IEEE 1394 bus #1 (1) and to IEEE 1394 bus #2 (2) so 
that a bus reset of IEEE 1394 bus #2 (2) occurs, or in 
the case that an apparatus is connected to or removed 
from IEEE 1394 bus #1 (1), so that a bus reset occurs 

5 in IEEE 1394 bus #1 (1), the bridge unit 46 is reset to 
the unauthenticated condition of (SO). That is to say, the 
authentication of the bridge unit is reset. The key count 
number counted by the key counting means 47 of the 
bridge unit 46 is initialized to zero and the authentication 

10 number counted by the authentication number counting 
means 48 of the bridge unit 46 is initialized to zero, re- 
spectively, under the unauthenticated condition (SO). 
[0346] During the transition from the unauthenticated 
condition (SO) to the authentication (S1) carried out on 

15 the source, initialization of authentication is carried out. 
That is to say, the authentication request means 33 of 
the bridge unit 33 prepares an authentication command 
that is the command for carrying out an authentication 
request and outputs the authentication command to the 

20 D-l/F 31 on the reception side. The D-l/F 31 on the re- 
ception side transmits the authentication command to 
the source 3 of IEEE 1394 bus #1 (1). 
[0347] Under the condition of the authentication (S1 ) 
carried out on the source, the STB 40 as the source 3 

25 shown in Fig 5 determines whether the authentication 
command is accepted or rejected when receiving the 
authentication command from the bridge unit 46 in the 
same manner as in the second embodiment. Then, in 
the case that the STB 40 rejects the authentication com- 

30 mand from the bridge unit 46, or in the case that the 
authentication command from the bridge unit 46 is ac- 
cepted but authentication has failed, the condition 
wherein the authentication (S1) is carried out on the 
source makes a transition to the unauthenticated con- 

35 dition (SO). 

[0348] In addition, in the case that the STB 40 accepts 
the authentication command from the bridge unit 46 and 
the authentication means 23 on the transmission side 
of the STB 40 and the authentication means 34 on the 

40 reception side of the bridge unit 46 successfully carry 
out authentication, the condition wherein the authenti- 
cation (S1) is carried out on the source makes a transi- 
tion to the condition of authenticated (S2). At this time, 
the key counting means 47 of the bridge unit 46 increas- 

45 es the key count number by one, that is to say, sets the 
counted key count number at 1 . 
[0349] In addition, the determination means 41 of the 
STB 40 as the source 3 succeeds in authentication and, 
therefore, directs the authentication number counting 

so means 24 of the STB 40 to increase the counted count 
number by one so that in response to this, the authen- 
tication number counting means 24 of the STB 40 in- 
creases the counted authentication number by one. 
Such an operation of the STB 40 is described in detail 

55 in the second embodiment. 

[0350] Under the condition of authenticated (S2), the 
bridge unit 46 is in the condition wherein authentication 
is successfully carried out on the source 3, or the like. 
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[0351] When an authentication request is carried out 
by an apparatus such as the sink 5 (9) connected to 
IEEE. 1394 #2 (2) under the condition of authenticated 
(S2), the determination means 41 of the bridge unit 46 
determines as follows. That is to say, at present, the au- 
thentication number counted by the authentication 
number counting means 48 of the bridge unit is zero and 
the key count number counted by the key counting 
means 47 is one and, therefore, the value of the authen- 
tication number is smallerthan the value of the key count 
number In this case, the determination means 41 of the 
bridge unit 46 determines that the authentication means 
23 on the transmission side of the bridge unit 46 should 
carry out authentication for the sink 5 (9) corresponding 
to the authentication command from the sink 5 (9). The 
authentication means 23 on the transmission side of the 
bridge unit 46 carries out authentication for the sink 5 
(9) in accordance with this determination. That is to say, 
the authenticated condition (S2) makes a transition to 
the condition wherein authentication (S3) is carried out 
on the sink or on another bridge (reception side). When 
authentication carried out on the authentication means 
23 on the transmission side of the bridge unit 46 and the 
sink 5 (9) succeeds, the authentication number counting 
means 48 of the bridge unit 46 increases the counted 
authentication number by one and the device informa- 
tion storage means 27 stores the device ID of the sink 
5 (9). Accordingly, the key count number counted by the 
key counting means 47 is one and the authentication 
number counted by the authentication number counting 
means 48 becomes one. Then, the condition makes a 
transition to the authenticated condition (S2). 
[0352] Here, furthermore, suppose the sink 6 (10) 
transmits an authentication command to the bridge unit 
46. In this case, when the authentication means 23 on 
the transmission side of the bridge unit 46 receives the 
authentication command from the sink 6(10), the deter- 
mination means 41 of the bridge unit 46 determines as 
follows based on the request from the authentication- 
means 23 on the transmission side. That is to say, at 
present, the key count number counted by the key 
counting means 47 is one, the authentication number 
counted by the authentication number counting means 
48 of the bridge unit 46 is also one so that the key count 
number and the authentication number become equal. 
In the case that the key count number and the authen- 
tication number are equal, the determination means 41 
allows the authentication request from the sink 6 (1 0) to 
be completed after the retrial and determines that au- 
thentication should first be carried out on the source 3. 
The authentication means 23 on the transmission side 
follows this determination so as to once reject the au- 
thentication request from the sink 6 (10) and complete 
it. Then, the authentication request means 33 of the 
bridge unit 46 transmits the authentication command to 
the source 3. That is to say, the authenticated condition 
(S2) makes a transition to the condition wherein authen- 
tication (S4) is carried out on the source. 
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[0353] Though not described in the second embodi- 
ment, the bridge unit 46, as the sink 2 (6) of IEEE 1394 
bus #1 (1), carries out an authentication request repeat- 
edly on the source 3 unlike other sink 5 (9), and the like. 

5 Then, whenever the STB 40 as the source 3 success- 
fully carries out authentication for the bridge unit 46 the 
authentication number counting means 24 of the STB 
40 increases the counted authentication number in the 
range that does not exceed the upper limit number of 

10 the upper limit authentication number storage means 
25. The determination of whether the determination 
means 41 of the STB 40 accepts or rejects the authen- 
tication request is carried out in the completely same 
manner as in the case of the bridge unit 46, the sink 1 

is (5), and the like. 

[0354] In the case that the source 3 and the authen- 
tication means 34 on the transmission side of the bridge 
unit 46 successfully carry out authentication in the same 
manner as in the second embodiment, the key counting 

20 means 47 increases the counted key count number by 
one. That is to say, the condition wherein authentication 
(S4) is carried out on the source makes a transition to 
the authenticated condition (S2). At this point in time, 
the key count number becomes two and the authentica- 

25 tion number becomes one. 

[0355] When an authentication command is received 
again from the sink 6 (1 0) under the condition of authen- 
ticated (S2), the determination means 41 of the bridge 
unit 46 determines that authentication should be carried 

30 out on the sink 6 (1 0) because the key count number is 
larger than the authentication number. That is to say, the 
authenticated condition (S2) makes a transition to the 
condition wherein authentication (S3) is carried out on 
the sink or on another bridge (reception side). Then, 

35 when the authentication means 23 on the transmission 
side of the bridge unit 46 successfully carries out au- 
thentication for the sink 6 (1 0) under the condition of au- 
thentication (S3) carried out on the sink or another 
bridge (reception side), the authentication number 

40 counting means 48 of the bridge unit 46 increases the 
counted authentication number by one and the device 
information storage means 27 stores the device ID of 
the sink 6 (1 0). Then, the condition wherein authentica- 
tion (S3) is carried out on the sink or on another bridge 

45 (reception side) makes a transition to the authenticated 
condition (S2). In this condition, the key count number 
is two and the authentication number has become two. 
[0356] When the bridge unit 46 is requested for au- 
thentication from an apparatus connected to IEEE 1394 

so bus #2 in the above manner, the bridge unit 46 makes 
a transition from the authenticated condition (S2) to the 
condition wherein authentication (S3) is carried out on 
the sink or on another bridge (reception side) in the case 
that the key count number is greater than the authenti- 

55 cation number and completes the authentication re- 
quest from that apparatus after the retrial so as to carry 
out authentication for the source 3 in the case that the 
key count number and the authentication number are 
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equal. That is to say, the authenticated condition (S2) 
makes a transition to the condition wherein authentica- 
tion (S4) is carried out on the source. That is to say, in 
the case that the bridge unit 46 is requested for authen- 
tication from an apparatus connected to IEEE 1394 bus 
#2 (2), the values of the key count number and the au- 
thentication number are compared and in the case that 
the key count number is greater than the authentication 
number, authentication is carried out on the apparatus 
connected to IEEE 1394 bus #2 (2) while in the case 
that the key count number and the authentication 
number are equal, authentication is carried out on the 
source 3 before authentication is carried out on the ap- 
paratus that has carried out an authentication request. 
[0357] In addition, the source 3 connected to IEEE 
1 394 bus #1 is an apparatus that controls AV data to be 
decoded and displayed only on a maximum of three ap- 
paratuses as described in the second embodiment. In 
the case that the bridge unit 46 receives an authentica- 
tion request from the sink connected to IEEE 1 394 bus 
#2 in the above described manner, the bridge unit car- 
ries out authentication for the source connected to IEEE 
1394 bus #1 before authentication is carried out on the 
above apparatus so that authentication is carried out on 
the sink connected to I EEE 1 394 bus #2 after the above 
authentication is successful and, therefore, the limita- 
tion on the number of apparatuses for the AV data re- 
quiring copyright protection that is transmitted from the 
source 3 can be adhered to even in the case the bridge 
unit 46 exists. 

[0358] Here, the sink 5 (9) receives and decodes the 
AV data requiring copyright protection that is transmitted 
from the source 3 and the sink 5 (9) that stops displaying 
the AV data on a monitor requests decrement authenti- 
cation by transmitting a command for decrement au- 
thentication to the bridge unit 46 in the same manner as 
described in the first embodiment. That is to say, the au- 
thenticated condition (S2) makes a transition to the con- 
dition wherein decrement authentication (S5) is carried 
out on the sink or on another bridge (reception side). At 
this point in time, the key count number of the key count- 
ing means 47 is two and the authentication number 
counted by the authentication number counting means 
48 of the bridge unit 46 is also two. 
[0359] Under the condition of decrement authentica- 
tion (S5) carried out on the sink or another bridge (re- 
ception side), the bridge unit 46 carries out decrement 
authentication for the sink 5 (9). Then, in the case that 
the decrement authentication is successful, the authen- 
tication number counted by the authentication number 
counting means 48 of the bridge unit 46 is decreased 
by one and the device information storage means 27 
deletes the device ID of the stored sink 5 (9). Then, the 
condition wherein decrement authentication (S5) is car- 
ried out on the sink or on another bridge (reception side) 
makes a transition to the condition wherein decrement 
authentication (S6) is carried out on the source. On the 
other hand, in the case that decrement authentication 
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has failed, the condition wherein the decrement authen- 
tication (S5) is carried out on the sink or on another 
bridge (reception side) makes a transition to the authen- 
ticated condition (S2). 

5 [0360] The bridge unit 46 carries out decrement au- 
thentication for the source 3 in the condition of the dec- 
rement authentication (S6) carried out on the source 
and when it is successful, the key count number is de- 
creased by one and the condition wherein decrement 

10 authentication (S6) is carried out on the source makes 
a transition to the authenticated condition (S2). In addi- 
tion, in the case that the decrement authentication has 
failed the key count number is not decreased and the 
condition wherein decrement authentication (S6) is car- 
ts ried out on the source makes a transition to the authen- 
ticated condition (S2). At this point in this time, the key 
count number becomes one and the authentication 
number of the bridge unit 46 has also become one. 
[0361] The above described operation is repeated 

20 continuously in the case that an authentication request 
or a decrement authentication request is received from 
another apparatus connected to IEEE 1394 bus #2 un- 
der the condition of authenticated (S2). 
[0362] In the case that an apparatus connected to 

25 IEEE 1394 bus #2 (2) stops receiving, decoding and dis- 
playing AV data, this is declared to the bridge unit 46 in 
the same manner as in the second embodiment and the 
bridge unit 46 carries out decrement authentication and, 
thereby, the apparatuses connected to IEEE 1394 bus 

30 #1 (1) and to IEEE 1394 bus #2 (2) can newly utilize AV 
data in the same manner as in the second embodiment 
even in the case that IEEE 1394 bus #1 (1) and IEEE 
1394 bus #2 (2) are connected to the bridge unit. 
[0363] Furthermore, the source 3 must immediately 

35 send an isochronous packet when a band and a channel 
are allocated from the isochronous resource manager 
according to IEEE 1394. The source 3 sends an empty 
isochronous packet to IEEE 1394 bus #1 (1) in the case 
wherein no AV data is to be transmitted. Then, even in 

40 the case that the source 3 does not send an empty iso- 
chronous packet to IEEE 1394 bus #1 (1), authentica- 
tion of the source 3 is reset in the DTCP system. 
[0364] Accordingly, in the case that the bridge unit 46 
(S2) is in the authenticated condition (S2) and the trans- 

45 mission of isochronous packets from the source 3 is cut 
off, a transition from the authenticated condition (S2) is 
made, the key counter is initialized to zero and the au- 
thentication number counting means 48 of the bridge 
unit 46 initializes the counted authentication number to 

so zero so as to return the authenticated condition (S2). 
That is to say, when the authentication of source 3 is 
reset, the bridge unit 46 also resets the authentication. 
[0365] In addition, though the transmission of iso- 
chronous packets from the source 3 continues, in the 

55 case that the transmission of isochronous packets from 
the bridge unit 46 is cut off, a transition is made from the 
authenticated condition (S2) and the authentication 
number counted by the authentication number counting 
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means 23 of the bridge unit 46 is initialized to zero and 
the condition again returns to the authenticated condi- 
tion (S2). That is to say, the bridge unit 46 resets the 
authentication. 

[0366] In addition, in the case that the bridge unit 46 
that is in the authenticated condition (S2) discovers that 
an apparatus, such as the sink 5 (9) connected to IEEE 
1394 bus #2 (2), has been lost from IEEE 1394 bus #2 
(2), the authenticated condition (S2) makes a transition 
to the condition wherein decrement authentication (S6) 
is carried out on the source. 

[0367] Then, under the condition wherein decrement 
authentication (S6) is carried out on the source, the 
bridge unit 46 carries out decrement authentication for 
the source 3. In the case that this is successful, the key 
count number is decreased by one so that the condition 
makes a transition to the authenticated condition (S2). 
In the case of failure, the key count number is not de- 
creased so that the condition makes a transition to the 
authenticated condition (S2). 

[0368] Thus, even in the case that the bridge unit 46 
connects IEEE 1394 bus #1 (1) and IEEE 1394 bus #2, 
the same effects can be gained as are described in the 
second embodiment. 

[0369] Here, though in the present embodiment in the 
case that the bridge unit 46 receives an authentication 
request from an apparatus connected to IEEE 1 394 bus 
#2 (2), it is determined whether authentication is carried 
out on that apparatus or authentication is carried out on 
the source 3 before authentication is carried out on that 
apparatus based on the relative magnitude between the 
key count number counted by the key counting means 
47 and the authentication number counted by the au- 
thentication number counting means 48 of the bridge 
unit 46, the invention is not limited to this. In the case 
that the key counting means 47 is not provided and an 
authentication request is received from the sink con- 
nected to IEEE 1394 bus #2 (2), only when authentica- 
tion is carried out on the source 3 before this authenti- 
cation is carried and the authentication is successfully 
carried out on the source 3, the authentication can be 
carried out on the sink. The same effects as of the 
present embodiment can be gained in such a manner. 

(Sixth Embodiment) 

[0370] Next, the sixth embodiment is described. 
[0371] A copyright protection system of the present 
embodiment is shown in Fig 1 in the same manner as 
in the fifth embodiment. 

[0372] Fig 5 shows a source 3 of the present embod- 
iment as an STB 40. The STB 40 is the same as de- 
scribed in the second embodiment. 
[0373] In addition, Fig 3 shows a sink 1 (5) connected 
to IEEE 1 394 bus #1 (1 ), a sink 5 (9) connected to IEEE 
1394 bus #2 (2), and the like, as a TV 30. The TV 30 is 
the same as described in the second embodiment. 
[0374] In addition, Fig 10 shows a bridge unit 46 as a 
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sink 2 (bridge unit) (4). 

[0375] The bridge unit 46 of the present embodiment 
has the same configuration as that of the fifth embodi- 
ment. 

5 [0376] Next, the operation of the present embodiment 
having such a configuration is described focusing on the 
difference from that of the fifth embodiment. 
[0377] In the fifth embodiment, the bridge unit 46 car- 
ries out authentication only once on the source 3 at the 

10 time when the unauthenticated condition (SO) makes a 
transition to the condition wherein authentication (S1) is 
carried out on the source or to the authenticated condi- 
tion (S2) in the state machine diagram of Fig 11 and, in 
the case of success, the key count number counted by 

15 the key counting means 47 is set at 1 . 

[0378] In contrast to this, in the present embodiment 
the authentication request means 33 of the bridge unit 
46 transmits an authentication command, to which is 
added the number of authentications desired to be car- 

20 ried out on the source 3, to the source 3 at the time when 
the unauthenticated (SO) condition makes a transition 
to the condition wherein the authentication (S1) is car- 
ried out on the source or to the authenticated (S2) con- 
dition. 

25 [0379] Then, the authentication means 34 on the re- 
ception side of the bridge unit 46 carries out authentica- 
tion for the source 3 according to the number of times 
designated at the time authentication is requested. On 
the other hand, the source 3 carries out authentication 

30 by determining whether authentication from the bridge 
unit 46 is rejected or authentication is carried out based 
on the upper limit number stored in the upper limit au- 
thentication number storage means 25 in the same 
manner as in the second embodiment and on the au- 

35 thentication number counted by the authentication 
number counting means 24 of STB 40 at the time when 
authentication is carried out on the authentication 
means 34 on the reception side of the bridge unit 46. 
[0380] The key counting means 47 increases the key 

40 count number by the number of times that the bridge 
unit 46 has successfully carried out authentication when 
authentication is collectively carried out according to the 
number of times designated in such a manner. 
[0381] Accordingly, in the case that the above de- 

45 scribed authentication is successful and in the case that 
the number of times that is desired that the authentica- 
tion request means 33 carry out authentication for the 
source 3 attached to the authentication command is 
greater than 1 at the point in time when a transition is 

50 made to the authenticated (S2) condition, the key count 
number has a value greater than 1 and the authentica- 
tion number of the authentication number counting 
means 48 of the bridge unit 48 has become 0. 
[0382] The parts other than the above are the same 

55 as in the fifth embodiment. That is to say, the bridge unit 
46 of the present embodiment makes a notification of 
the number of times authentication is desired to be car- 
ried out to the source 3 and authentication is carried out 
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in advance according to this number of times and, there- 
fore, even In the case that an authentication request is 
received from an apparatus such as the sink 5 connect- 
ed to IEEE 1394 bus #2 (2), it is not necessary to carry 
out a two-stage process wherein the authentication re- 5 
quest is once rejected and authentication is successfully 
carried out on the source 3 and, again, authentication is 
carried out on this apparatus that has received the au- 
thentication request. An authentication request from an 
apparatus, such as sink 5, connected to IEEE 1394 bus 
#2 (2) is instantly accepted up to the number of times 
authentication is carried out on the source 3 in advance 
so that authentication can be carried out on this appa- 
ratus. Accordingly, in addition to the same effects as in 
the fifth embodiment, the effects can further be gained 
wherein response time of the bridge unit 46 to the au- 
thentication request is shortened. 

(Seventh Embodiment) 

[0383] Next, the seventh embodiment is described. 
[0384] A copyright protection system of the present 
embodiment is shown in Fig 1 in the same manner as 
in the fifth embodiment. 

[0385] A source 3 of the present embodiment is 
shown in Fig 5 as an STB 40. The STB 40 is the same 
as is described in the second embodiment. 
[0386] In addition, Fig 3 shows a sink 1 (5) connected 
to IEEE 1394 bus #1 (1) of the present embodiment, a 
sink 5 (9) connected to IEEE 1394 bus #2 (2), and the 
like, as shown as a TV 30. The TV 30 is the same as is 
described in the second embodiment. 
[0387] In addition, Fig 1 0 shows a bridge unit 46 as a 
sink 2 (bridge unit) (6). 

[0388] The bridge unit 46 of the present embodiment 
has the same configuration as that of the fifth embodi- 
ment. 

[0389] Next, the operation of the present embodiment 
having such a configuration is described focusing on the 
differences from the fifth embodiment. 
[0390] In the fifth embodiment, in the case that dec- 
rement authentication is requested from an apparatus 
connected to IEEE 1394 bus #2, the authenticated (S2) 
condition makes a transition to the condition wherein 
decrement authentication (S5) is carried out on the sink 
or on another bridge (reception side) and, furthermore, 
makes a transition to the condition wherein decrement 
authentication (S6) is carried out on the source and, 
again, makes a transition to the authenticated (S2) con- 
dition. 

[0391] That is to say, the bridge unit 46 decreases the 
authentication number counted by the authentication 
number counting means 48 of the bridge unit 46 by 1 in 
the case that decrement authentication is successfully 
carried out on an apparatus connected to IEEE 1394 
bus #2 (2) and, subsequently, decreases the key count 
number counted by the key counting means 47 by 1 in 
the case that decrement authentication is successfully 



carried out on the source 3. 

[0392] In contrast to this, in the present embodiment 
the authenticated (S2) condition makes a transition to 
decrement authentication (S5) carried out on the sink or 
on another bridge (reception side) in the case that dec- 
rement authentication is requested from IEEE 1394 bus 
#2. That is to say, the bridge unit 46 carries out decre- 
ment authentication for the apparatus connected to 
IEEE 1 394 bus #2 and in the case of a successful result, 
the authentication number counted by the authentica- 
tion number counting means 48 of the bridge unit 46 is 
decreased by 1 . 

[0393] Next, a transition is not made to decrement au- 
thentication (S6) carried out on the source but, rather, a 
transition is made to the authenticated (S2) condition. 
That is to say, decrement authentication is not sequen- 
tially carried out on the source 3. Accordingly the key 
count number counted by the key counting means 47 
does not change. 

[0394] When a predetermined period of time, for ex- 
ample 5 minutes, has elapsed wherein an authentica- 
tion request is not newly received from the apparatus 
connected to IEEE 1394 bus #2 since the above de- 
scribed decrement authentication is carried out, the 
bridge unit 46 carries out decrement authentication for 
the source. 

[0395] In the case that an authentication request is 
received from an apparatus, such as sink 7 (11), con- 
nected to IEEE 1394 bus #2 (2) under the condition 
wherein the bridge unit 46 has not yet carried out dec- 
rement authentication for the source, the authentication 
number has a value smaller than that of the key count 
number and, therefore, the bridge unit 46 does not need 
to carry out authentication for the source 3 before au- 
thentication is carried out on the apparatus that has re- 
quested that authentication so that the bridge unit 46 
can respond quickly, in comparison with the fifth embod- 
iment, to the authentication request from IEEE 1394 bus 
#2 (2). 

[0396] Accordingly, in addition to the same effects as 
of the fifth embodiment, the effect can further be gained 
that the response time to the authentication request of 
the bridge unit 46 becomes shorter. 
[0397] Here, the present invention is a program for al- 
lowing a computer to implement the functions of a 
means (or unit, element, circuit, portion, or the like) of 
the entirety, or a portion of, the above described copy- 
right protection system of the present invention and is a 
program that operates in cooperation with a computer. 
[0398] The present invention is a medium that holds 
a program for allowing a computer to implement the en- 
tirety of, or a portion of, the functions of a means of the 
entirety of, or a portion of, the above described copyright 
protection system of the present invention and is a me- 
dium that can be read by a computer and wherein the 
above described read out program implements the 
above described functions in cooperation with the above 
described computer. 
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[0399] Here, a portion of a means (or unit, element, 
circuit, portion, or the like) of the present invention and 
a portion of the step (or process, operation, working ef- 
fect, or the like) of the present invention mean several 
means or steps within this plurality of means or steps, 
or mean a portion of the functions or a portion of the 
operation within one means and one step. 
[0400] In addition, a portion of a unit (or element, cir- 
cuit, portion, or the like) of the present invention means 
several units within this plurality of units, means a por- 
tion of a means (or element, circuit, portion, or the like) 
within one unit or means a portion of the functions within 
one means. 

[0401] In addition, a recording medium that records a 
program of the present invention and that can be read 
by a computer is also included in the present invention. 
[0402] In addition, one application mode of a program 
of the present invention may be a mode wherein the pro- 
gram is recorded in a recording medium that can be read 
by a computer so as to operate in cooperation with the 
computer. 

[0403] In addition, one application mode of a program 
of the present invention may be a mode wherein the pro- 
gram is transmitted through a transmission medium and 
is read by a computer so as to operate in cooperation 
with the computer. 

[0404] In addition, the data structure of the present 
invention includes a data base, a data format, a data 
table, a data list, a type of data and the like. 
[0405] In addition, the recording medium includes a 
ROM, and the like, while the transmission medium in- 
cludes a transmission medium such as the Internet, 
light, radio waves, sound waves, and the like. 
[0406] In addition, the above described computer of 
the present invention is not limited to pure hardware, 
such as a CPU, but may include firmware, an OS or, in 
addition, a peripheral apparatus. 
[0407] Here, as described above, the configuration of 
the present invention may be implemented in a software 
manner or may be implemented in a hardware manner. 

industrial Applicability 

[0408] As is clear from the above description, the 
present invention can provide a copyright protection 
system, a transmission unit, a reception unit, a bridge 
unit, a copyright protection method, a medium and a pro- 
gram wherein the desire of copyright holders for limita- 
tion on the number of reception apparatuses that can 
receive a signal requiring copyright protection can be 
met even in the case that a bridge unit is connected to 
a network. 

[0409] In addition, the present invention can provide 
a copyright protection system, a transmission unit, a re- 
ception unit, a bridge unit, a copyright protection meth- 
od, a medium and a program wherein the desire of cop- 
yright holders for limitation on the number of reception 
apparatuses that can receive a signal requiring copy- 



right protection can be limited by designating the 
number of the reception apparatuses. 

s Claims 

1 . A copyright protection system, comprising: 

at least one, or more, reception unit that is con- 
10 nected to a network and that receives and uti- 

lizes data requiring copyright protection; and 
a transmission unit of transmitting said data re- 
quiring copyright protection to said reception 
unit by utilizing said network, wherein 
is said transmission unit has: an authentication 

means on the transmission side, of carrying out 
authentication for said reception unit; and an 
authentication number counting means of 
counting the authentication number, that is the 
20 number authenticated by said authentication 

means on the transmission side, and 
said reception unit has an authentication 
means on the reception side, of carrying out au- 
thentication for said authentication means on 
25 the transmission side, and wherein 

said authentication number is limited. 

2. The copyright protection system according to Claim 

1, wherein said authentication number counting 
so means adds said authentication number in the 

case'that said authentication means on the trans- 
mission side successfully carries out authentica- 
tion. 

35 3. The copyright protection system according to Claim 

2, wherein in the case that authentication is suc- 
cessfully carried out for said transmission unit, said 
reception unit does not, again, carry out an authen- 
tication request as long as said successful authen- 

40 tication is not reset due to a predetermined cause. 

4. The copyright protection system according to Claim 

3, further comprising a bridge unit of connecting 
said network to another network, 

45 wherein the bridge unit is handled in the same 

manner as said reception unit in said network to 
which said transmission unit is connected, and 

wherein said bridge unit can, again, carry out 
an authentication request. 

so 

5. The copyright protection system according to Claim 
2, wherein in the case that authentication is suc- 
cessfully carried out for said reception unit, said 
transmission unit does not accept an authentication 

55 request even if the authentication request is carried 
out, again, by said reception unit as long as said 
successful authentication is not reset due to a pre- 
determined cause. 
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6. The copyright protection system according to Claim 
5, further comprising a bridge unit of connecting 
said network to another network, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to 
which said transmission unit is connected, and 

wherein in the case that an authentication re- 
quest is carried out by said bridge unit said trans- 
mission unit accepts the authentication request. 

7. The copyright protection system according to Claim 
2, wherein in the case that authentication is suc- 
cessfully carried out on said reception unit, said 
transmission unit carries out authentication, again, 
for said reception unit and said authentication 
number counting means does not add said authen- 
tication number even if the authentication is suc- 
cessful, as long as said authentication is not reset 
due to a predetermined cause. 

8. The copyright protection system according to Claim 
7, further comprising a bridge unit of connecting 
said network to another network, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to 
which said transmission unit is connected, and 

wherein in the case that authentication is suc- 
cessfully carried out again for said bridge unit said 
authentication number counting means adds said 
authentication number. 

9. The copyright protection system according to any 
of Claims 3 to 8, wherein said authentication means 
on the transmission side has: 

a registration means of registering information 
that specifies said reception unit for which au- 
thentication is successfully carried out; and 
a redundancy determination means of deter- 
mining whether or not an authentication re- 
quest is the authentication request from said re- 
ception unit that has already successfully car- 
ried out authentication, when the authentica- 
tion request is carried out by said reception unit, 
by utilizing the registered information that spec- 
ifies said reception unit. 

10. The copyright protection system according to any 
of Claims 3 to 8, wherein the reset of said authen- 
tication occurs at the time when an update of a key 
is carried out. 

11. The copyright protection system according to any 
of Claims 3 to 8, wherein the reset of said authen- 
tication occurs at the time when an update of an ex- 
change key is carried out. 

12. The copyright protection system according to Claim 
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1 0, comprising a bridge unit for connecting said net- 
work to another network, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to 
s which said transmission unit is connected, and 

wherein in the case that said transmission unit 
carries out said update of a key the reset of said 
authentication is carried out also in said other net- 
work. 

10 

13. The copyright protection system according to any 
of Claims 3 to 8, wherein the reset of said authen- 
tication occurs at the time when a bus reset is car- 
ried out. 

15 

14. The copyright protection system according to Claim 
13, comprising a bridge unit of connecting said net- 
work to another network, 

wherein the bridge unit is handled in the same 
20 manner as said reception unit in said network to 
which said transmission unit is connected, and 

wherein in the case that said bus reset is car- 
ried out in said network to which said transmission 
unit is connected, the reset of said authentication is 
25 carried out also in said other network. 

15. The copyright protection system according to Claim 
1, wherein the limitation in said authentication 
number indicates that said authentication means on 

30 the transmission side does not accept an authenti- 
cation request from said reception unit in the case 
that said authentication number becomes a prede- 
termined value, or greater. 

35 16. The copyright protection system according to Claim 
1, wherein said authentication number counting 
means subtracts said authentication number in the 
case that said reception unit that has successfully 
carried out authentication for said authentication 

40 means on the transmission side stops the utilization 
of said data requiring copyright protection that is 
sent from said transmission unit. 

1 7. The copyright protection system according to Claim 
45 16, comprising a bridge unit of connecting said net- 
work to another network, 

wherein the bridge unit is handled in the same 
manner as said reception unit in said network to 
which said transmission unit is connected, and 

50 wherein "said bridge unit stops the utilization 

of said data requiring copyright protection that is 
sent from said transmission unit" indicates that ail 
of said reception units connected to said other net- 
work stop the utilization of said data requiring cop- 

55 yright protection that is sent from said transmission 
unit. 

18. The copyright protection system according to Claim 
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1 6, wherein said transmission unit has a registration 
means of registering information that specifies said 
reception unit that has successfully carried out au- 
thentication for said authentication means on the 
transmission side, and 

said registration means cancels the registra- 
tion of the information that specifies the reception 
unit that has successfully carried out authentication 
for said authentication means on the transmission 
side, in the case that said authentication number 
counting means subtracts said authentication 
number. 

19. The copyright protection system according to Claim 
1 6, wherein said transmission unit has an examina- 
tion means of examining whether or not said recep- 
tion unit has stopped the utilization of said data re- 
quiring copyright protection. 

20. The copyright protection system according to Claim 

19, wherein the stoppage of the utilization of said 
data requiring copyright protection indicates that 
said reception unit is detached from said network, 
and 

said examination means periodically exam- 
ines whether or not said reception unit is detached 
from said network. 

21 . The copyright protection system according to Claim 

20, wherein said examination indicates the period- 
ically examining of the connection number that is 
the number of said reception units connected to 
said network and the checking of which of said re- 
ception units is detached from said network in the 
case that said connection number is reduced. 

22. The copyright protection system according to Claim 
19, wherein said examination means checks if said 
reception unit has stopped the utilization of said da- 
ta requiring copyright protection by examining an 
operational condition of said reception unit and/or 
an active condition of the connection plugs, and 

said authentication number counting means 
subtracts said authentication number in the case 
that, as a result of the examination by said exami- 
nation means, said reception unit is determined not 
to utilize said data requiring copyright protection. 

23. The copyright protection system according to Claim 
20 or 21 , wherein said examination means has a 
correspondence table of allowing information that 
specifies said reception unit to correspond to the 
signature of that reception unit 

said examination means determines whether 
or not authentication has been carried out on said 
reception unit that is detached from said network by 
utilizing said correspondence table, and 

said authentication number counting means 



subtracts said authentication number in the case 
that said determination result shows that authenti- 
cation has been carried out for said reception unit 
that is detached from said network. 

5 

24. The copyright protection system according to Claim 
16, wherein said authentication means on the re- 
ception side carries out a decrement authentication 
request of subtracting said authentication number 

10 for said transmission unit in the case that said re- 
ception unit stops the utilization of said data requir- 
ing copyright protection that is sent from said trans- 
mission unit, 

said authentication means on the transmis- 

15 sion side carries out said decrement authentication 
for said authentication means on the reception side, 
and 

said authentication number counting means 
subtracts said authentication number when said 
20 decrement authentication is successful. 

25. The copyright protection system according to Claim 
24, wherein a command for decrement authentica- 
tion, that is a command for carrying out said decre- 
es ment authentication, is prepared separately from 

the authentication command that is the command 
for carrying out authentication at the time when said 
data requiring copyright protection is utilized. 

30 26. The copyright protection system according to Claim 
24 or 25, wherein said data requiring copyright pro- 
tection is encrypted and 

said reception unit abandons the key for de- 
coding said data requiring copyright protection 
35 when said decrement authentication is successful. 

27. The copyright protection system according to Claim 
24 or 25, wherein said decrement authentication dif- 
fers from the authentication for utilizing said data 

40 requiring copyright protection in at least one, or 
more, of a signature, an authentication method and 
an operational equation. 

28. The copyright protection system according to Claim 
45 1 8, wherein when the authentication is reset due to 

the predetermined cause, said authentication 
number counting means initializes said authentica- 
tion number while said registration means cancels 
all the registrations of information that specifies the 
50 reception unit which has successfully carried out 
authentication for said authentication means on the 
transmission side. 

29. The copyright protection system according to Claim 
55 2, further comprising a bridge unit of connecting 

said network to another network. 

30. The copyright protection system according to Claim 
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29, wherein said bridge unit is handled in the same 
manner as said transmission unit in said other net- 
work, and 

in the case that an authentication request is 
carried out by said reception unit connected to said 5 
other network, 

authentication is carried out for said transmis- 
sion unit connected to said network before authen- 
tication is carried out for the reception unit and in 
the case that the authentication forthe transmission 10 
unit is successful authentication is carried out for 
said reception unit. 

31 . . The copyright protection system according to Claim 
29, wherein, in the case that said authentication 1$ 
number counting means of said bridge unit is sub- 
tracted, said bridge unit carries out decrement au- 
thentication for said transmission unit connected to 
said network, in order to subtract said authentica- 
tion number counted by said authentication number 20 
counting means of said transmission unit that is 
connected to said network. 

32. The copyright protection system according to Claim 

29, wherein said authentication number counting 25 
means of said bridge unit counts the authentication 
number that is the number of the successful authen- 
tications carried out for said reception unit, which is 
connected to said other network, by said authenti- 
cation means on the transmission side of said 30 
bridge unit. 35. 

33. The copyright protection system according to Claim 
32, wherein, in the case that said transmission unit 

is newly connected to said network, said bridge unit 35 
carries out authentication for said newly connected 
transmission unit in accordance with said authenti- 
cation number that is counted by said authentica- 
tion number counting means of said bridge unit. 

40 

34. The copyright protection system according to Claim 

30, wherein said bridge unit has a key counting 
means of counting a limitation number of a permis- 
sions allocated by said transmission unit that is con- 
nected to said network, 

said authentication number counting means 
of said bridge unit counts said authentication 
number that is the number of successful authenti- 36. 
cation carried out for said reception unit, which is 
connected to said other network, by said authenti- so 
cation means on the transmission side of said 
bridge unit, 

said bridge unit sets the number of successful 
authentications carried out for said transmission 
unit, which is connected to said network, as the lim- 55 
itation number of said permissions counted by said 
key counter, 

in the case that a decrement authentication 



request is carried out, in order to subtract said au- 
thentication number counted by said authentication 
number counting means of said bridge unit, by said 
reception unit that is connected to said other net- 
work, said bridge unit does not carry out decrement 
authentication for said transmission unit that is con- 
nected to said network but, rather, carries out dec- 
rement authentication for the reception unit, 

said authentication number counting means 
of said bridge unit subtracts said authentication 
number when said decrement authentication is suc- 
cessful, and 

at the time when an authentication request is 
newly carried out by said reception unit connected 
to said other network, 

authentication is carried out forthe reception 
unit in the case that the limitation number of said 
permissions is smaller than said authentication 
number that is counted by said authentication 
number counting means of said bridge unit while 
authentication is carried out for said transmission 
unit connected to said network before authentica- 
tion is carried out for the reception unit in the case 
that the limitation number of said permissions is not 
smaller than said authentication number counted by 
said authentication number counting means of said 
bridge unit and, then, authentication is carried out 
for the reception unit in the case that the authenti- 
cation for said transmission unit is successful. 

The copyright protection system according to Claim 
29, wherein said bridge unit reencrypts data that is 
sent from said transmission unit connected to said 
network and transmits the data to said reception 
unit connected to said other network, 

said authentication number counting means 
of said bridge unit counts the authentication number 
that is the number of successful authentications 
carried out for said reception unit, which is connect- 
ed to said other network, by said authentication 
means on the transmission side of said bridge unit, 
and 

said bridge unit has a key counting means of 
counting the limitation number of permissions allo- 
cated by said transmission unit connected to said 
network. 

The copyright protection system according to Claim 
35, wherein in the case that an authentication re- 
quest is carried out by said reception unit that is con- 
nected to said other network, in the case that said 
authentication number counted by said authentica- 
tion number counting means of said bridge unit and 
the limitation number of said permissions counted 
by said key counting means are greater than said 
authentication number counted by said authentica- 
tion number counting means of said bridge unit, 
said bridge unit permits the authentication request. 
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37. The copyright protection system according to Claim 
36, wherein the upper limit of the limitation number 
9f permissions counted by said key counting means 
is in advance given by said transmission unit that is 
connected to said network. 

38. The copyright protection system according to Claim 
36, wherein said bridge unit carries out authentica- 
tion for said transmission unit, which is connected 
to said network and, thereby, the upper limit of the 
limitation number of permissions counted by said 
key counting means is added. 

39. The copyright protection system according to Claim 
35, wherein, in the case that an authentication re- 
quest is carried out by. said reception unit connect- 
ed to said other network, in the case that the limita- 
tion number of said permissions counted by said 
key counting means is not greater than said authen- 
tication number counted by said authentication 
number counting means of said bridge unit, said 
bridge unit rejects the authentication request. 

40. The copyright protection system according to Claim 
35, wherein, in the case that an authentication re- 
quest is carried out by said reception unit connected 
to said other network, in the case that the limitation 
number of said permissions counted by said key 
counting means is not greater than said authentica- 
tion number counted by said authentication number 
counting means of said bridge unit, said bridge unit 
calls on said transmission unit connected to said 
network to add the limitation number of said permis- 
sions. 

41 . The copyright protection system according to Claim 
35, wherein, in the case that an authentication re- 
quest is carried out by said reception unit connected 
to said other network, in the case that the limitation 
number of said permissions counted by said key 
counting means is not greater than said authentica- 
tion number counted by said authentication number 
counting means of said bridge unit, said bridge unit 
carries out an authentication request for said trans- 
mission unit connected to said network and said key 
counting means adds the limitation number of said 
permissions in the case that said authentication is 
successful. 

42. The copyright protection system according to Claim 
29, wherein said bridge unit makes a notification of 
the number of said reception units that is connected 
to said other network and that carries out an authen- 
tication request for said transmission unit connect- 
ed to said network whenever an authentication re- 
quest is carried out by said reception unit connected 
to said other network. 



43. The copyright protection system according to Claim 
42, wherein a field for making a notification of said 
number is provided in an authentication command 
of said bridge unit to carry out an authentication re- 

s quest for said transmission unit that is connected to 
said network so that said bridge unit makes a noti- 
fication of said number by utilizing said field. 

44. The copyright protection system according to Claim 
10 29, wherein an authentication command of said 

bridge unit to carry out an authentication request for 
said transmission unit that is connected to said net- 
work is distinguished from an authentication com- 
mand of said reception unit that does not have a 
15 function of said bridge unit and that is connected to 
said network to carry out an authentication request 
for said transmission unit connected to said net- 
work. 

20 45. The copyright protection system according to Claim 
44, wherein said distinguishment is carried out by 
means of the signature attached to said authentica- 
tion command. 

25 46. A transmission unit for transmitting data requiring 
copyright protection, by utilizing a network, to at 
least one, or more, reception unit which has an au- 
thentication means on the reception side for carry- 
ing out authentication for a transmission unitjscon- 

30 nected to said network and receives and utilizes 
said data requiring copyright protection, wherein 
the transmission unit comprises characterized in 
having: 

35 an authentication means on the transmission 

side for carrying out authentication for said au- 
thentication means on the reception side; and 
an authentication number counting means of 
counting authentication number that is the 

40 number of authentications carried out by said 

authentication means on the transmission side, 

wherein said authentication number is limited. 

45 47. a reception unit that is connected to a network and 
that receives and utilizes data requiring copyright 
protection, wherein the reception unit comprises: 

an authentication means on the reception side 
50 of carrying out authentication for an authentica- 

tion means on the transmission side which is 
provided in a transmission unit having said au- 
thentication means on the transmission side of 
carrying our authentication for the reception 
55 unit and an authentication number counting 

means of counting authentication number that 
is the number of the authentications carried out 
by said authentication means on the transmis- 
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sion side, 



x wherein said authentication number is limited, 

48. Abridge unit for transmitting data requiring copy- 
right protection that is transmitted from a transmis- 
sion unit connected to one said network to a recep- 
tion unit connected to the other said network, 
wherein the bridge unit comprises: 

an authentication means on the transmission 
side for bridge unit that carries out authentica- 
tion for said reception unit; 
an authentication number counting means of 
bridge unit that counts the authentication 
number for bridge unit that is the number of the 
authentications carried out by said authentica- 
tion means on the transmission side; and 
an authentication means on the reception side 
for bridge unit that carries out authentication for 
said transmission unit, 

wherein said transmission unit has: an au- 
thentication means on the transmission side for car- 
rying out authentication for said reception unit that 
is connected to saidb ridge unit or for saidnetwork; 
and an authentication number counting means of 
counting the authentication number that is the 
number of the authentications carried out by said 
authentication means on the transmission side, 

wherein said reception unit has an authenti- 
cation means on the reception side that carries out 
authentication for said transmission unit connected 
to said bridge unit or for said other network, and 

wherein said authentication number counted 
by said authentication means on the transmission 
side is limited. 
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the authentication means on the transmission 
side in said transmission unit for carrying out 
authentication for said reception unit; and 
the authentication number counting means of 
counting the authentication number that is the 
number of authentications carried out by said 
authentication means on the transmission side, 
in the copyright protection system according to 
Claim 1 . 

A program for allowing a computer to function as 
the entirety, or a part, of: 

the authentication means on the reception side 
in said reception unit for carrying out authenti- 
cation for said authentication means on the 
transmission side; 

the authentication means on the transmission 
side in said transmission unit for carrying out 
authentication for said reception unit; and 
the authentication number counting means of 
counting the authentication number that is the 
number of authentications carried out by said 
authentication means on the transmission side, 

in the copyright protection system according to 
Claim 1 . 



49. A copyright protection method of transmitting data 
requiring copy protection from a transmission unit, 40 
by utilizing a network, to at least one, or more, re- 
ception unit that is connected to said network and 
that receives and utilizes said data requiring copy- 
right protection, wherein that copyright protection 
method is characterized in that said transmission 45 
unit counts the authentication number that is the 
number of authentications carried out on said re- 
ception unit, and in that 

said authentication number is limited. 

50 

50. A medium that can be processed by a computer and 
that is a medium holding a program for allowing a 
computer to function as the entirety, or a part, of: 

the authentication means on the reception side 55 
in said reception unit for carrying out authenti- 
cation for said authentication means on the 
transmission side; 
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Fig. 2 
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Fig. 3 
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Fig. 5 
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